From 5e73ae20956e409b7f70ab292af360aa41b49c93 Mon Sep 17 00:00:00 2001
From: Cameron Dale <camrdale@gmail.com>
Date: Fri, 7 Mar 2008 16:38:33 -0800
Subject: [PATCH] Another TODO item.

---
 TODO | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/TODO b/TODO
index 192670b..f726992 100644
--- a/TODO
+++ b/TODO
@@ -61,6 +61,16 @@ first piece, in which case it is downloaded from a 3rd peer, with
 consensus revealing the misbehaving peer.
 
 
+Consider tracking security issues with packages.
+
+Since sharing information with others about what packages you have
+downloaded (and probably installed) is a possible security
+vulnerability, it would be advantageous to not share that information
+for packages that have known security vulnerabilities. This would
+require some way of obtaining a list of which packages (and versions)
+are vulnerable, which is not currently available.
+
+
 Consider adding peer characteristics to the DHT.
 
 Bad peers could be indicated in the DHT by adding a new value that is
-- 
2.39.2