projects / quix0rs-apt-p2p.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Another TODO item.
[quix0rs-apt-p2p.git] / TODO
diff --git a/TODO b/TODO
index 192670b54e3de79b2d0775c61e470c13ea13da79..f72699275cc161b09c62fafc871a041e2c1f75fe 100644 (file)
--- a/TODO
+++ b/TODO
@@ -61,6 +61,16 @@ first piece, in which case it is downloaded from a 3rd peer, with
 consensus revealing the misbehaving peer.
 
 
+Consider tracking security issues with packages.
+
+Since sharing information with others about what packages you have
+downloaded (and probably installed) is a possible security
+vulnerability, it would be advantageous to not share that information
+for packages that have known security vulnerabilities. This would
+require some way of obtaining a list of which packages (and versions)
+are vulnerable, which is not currently available.
+
+
 Consider adding peer characteristics to the DHT.
 
 Bad peers could be indicated in the DHT by adding a new value that is
This repository hosts the whole main script. If you would like to clone this repository please always do this: $ git remote add --track master camrdale git://git.camrdale.org/git/apt-p2p.git $ git pull camrdale master This will make sure you track Cameron Dale's repository. This repository is now tracked on OpenHub: https://www.openhub.net/p/apt-p2p