X-Git-Url: https://git.mxchange.org/?p=quix0rs-apt-p2p.git;a=blobdiff_plain;f=TODO;h=2475df8644fe1cd71481d45354eba98b7e9da367;hp=192670b54e3de79b2d0775c61e470c13ea13da79;hb=742952098988651e561baa30dcde02aeede2eddf;hpb=b36fa9c7f5ad4827c8de990fbfca1a379bb60e39 diff --git a/TODO b/TODO index 192670b..2475df8 100644 --- a/TODO +++ b/TODO @@ -1,15 +1,3 @@ -Evaluate and fix some errors in the ktable khashmir module. - -The KTable implementation has some possible errors in it. insertNode -does not remove the original and use the new node when updating a node -already in the table, as claimed by the comments. justSeenNode doesn't -verify that the found node is the node that was being looked for, nor -does it move the node to the end of the list of nodes (since they are -supposed to be sorted by their lastSeen time) or update the bucket's -last touched time.nodeFailed also doesn't verify the found node is the -right node. - - Consider what happens when we are the closest node. In some of the actions it is unclear what happens when we are one of the @@ -61,6 +49,16 @@ first piece, in which case it is downloaded from a 3rd peer, with consensus revealing the misbehaving peer. +Consider tracking security issues with packages. + +Since sharing information with others about what packages you have +downloaded (and probably installed) is a possible security +vulnerability, it would be advantageous to not share that information +for packages that have known security vulnerabilities. This would +require some way of obtaining a list of which packages (and versions) +are vulnerable, which is not currently available. + + Consider adding peer characteristics to the DHT. Bad peers could be indicated in the DHT by adding a new value that is
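Review bot: The first hunk (@@ -1,15 +1,3 @@) deletes the whole "Evaluate and fix some errors in the ktable khashmir module" item, but this diff covers only TODO, so nothing here shows that the three problems it listed were actually resolved. Before dropping the entry, confirm that insertNode now replaces the existing node, that justSeenNode verifies the found node, moves it to the end of the list and updates the bucket's last touched time, and that nodeFailed verifies the found node. State in the commit message which change fixed them, or keep the parts of the item that are still open.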
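Review bot: In the second hunk (@@ -61,6 +49,16 @@), the new "Consider tracking security issues with packages" item leaves "not share that information" undefined. Spell out whether it means not announcing the package at all, or also refusing to serve it to peers that ask. The item should also say what happens to packages that were already shared before a vulnerability became known, and what the default is while the list of vulnerable packages and versions is unavailable, since the text itself notes that such a list is "not currently available".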