author: Silvio Rhatto <rhatto@riseup.net> 2018-01-09 18:33:11 -0200
committer: Silvio Rhatto <rhatto@riseup.net> 2018-01-09 18:33:11 -0200
commit: 5a7a127c90da856ccfbb1fe04084718192fd715c
tree: ef9eef711f16ebffbe4e56a9bd1f4c44431257cf
parent: 7ae888494558998e9b7a296ca90c10d83f411008
Archiving the trac instance
-rw-r--r-- TODO.csv 139
-rw-r--r-- index.md 3
2 files changed, 141 insertions, 1 deletions
diff --git a/TODO.csv b/TODO.csv
new file mode 100644
index 0000000..1ae8f20
--- /dev/null
+++ b/TODO.csv
@@ -0,0 +1,139 @@
+ticket,summary,component,version,milestone,type,owner,status,created,_changetime,_description,_reporter
+55,Recryption error when using gpg-agent in text mode,usability,2.0.0,hardened,defect,Silvio Rhatto,reopened,2014-04-06T20:31:22-03:00,2014-04-17T20:02:46-03:00,"Seems like the following construction is filtering the passphrase prompt for the text mode {{{gpg-agent}}} input:
+
+{{{
+decrypted=""$($GPG --use-agent -d ""$KEYDIR/$FILE"" 2> /dev/null)""
+}}}",Silvio Rhatto
+80,possible race condition,usability,2.0.0,,task,,new,2017-07-26T13:06:56-03:00,2017-11-03T10:46:07-02:00,"I've been battling this weird problem for over a year and I have finally seem to have found a work-around.
+
+Here's a description of the problem: sometimes when I use append-batch, I get an error:
+
+{{{
+gpg: no valid OpenPGP data found.
+gpg: block_filter 0x00005595421fb850: read error (size=15267,a->size=15267)
+gpg: encrypted_mdc packet with unknown version 255
+:encrypted data packet: [unknown version]
+gpg: block_filter: pending bytes!
+}}}
+
+Typically, after another user has added a new password, I'm able to successfully add a new password myself. However, if I try to add a second password I get the error.
+
+This problem doesn't seem to affect other members of the team.",jamie
+75,Recipient error when using ~ on repository path,packaging,2.0.0,hardened,defect,Silvio Rhatto,new,2016-02-05T05:44:03-02:00,2016-02-05T05:44:03-02:00,Recipient error when using {{{~}}} on repository path.,Silvio Rhatto
+3,Integration with ssss,security,2.0.0,hardened,task,Silvio Rhatto,assigned,2012-06-28T00:54:47-03:00,2014-12-19T10:46:38-02:00,Integration with ssss or [https://packages.debian.org/stable/libgfshare-bin gfsplit] as outlined in the [https://git.sarava.org/?p=keyringer.git;a=shortlog;h=refs/heads/ssss ssss branch].,Silvio Rhatto
+8,Background color,security,2.0.0,hardened,task,Silvio Rhatto,assigned,2013-03-22T17:37:58-03:00,2013-10-26T13:38:10-02:00,Change the terminal background color when displaying secrets. ,Silvio Rhatto
+15,Make custom merge driver so that when branches diverge they are recoverable,usability,2.0.0,hardened,task,somebody,new,2013-09-16T18:36:21-03:00,2013-10-26T13:38:42-02:00,"`gitattributes(5)` and `git-merge-files(1)` suggest ways to provide custom merge drivers and custom diff engines.
+
+These could be used to keep both the working directories and the centralized repository encrypted, while still enabling people to do a ""git rebase origin/master"" if they had some sort of race condition.",Daniel Kahn Gillmor
+22,Check if secret already exists,usability,2.0.0,hardened,task,somebody,new,2013-09-29T19:45:51-03:00,2013-10-26T13:39:11-02:00,"When encrypting, check if the secret already exists and provide the user an choice whether to overwrite or not. Include an environment variable to bypass this check and use it for internal {{{encrypt}}} invocations.",Silvio Rhatto
+25,Signed tags and commits,packaging,2.0.0,hardened,task,somebody,new,2013-10-22T21:58:29-02:00,2018-01-03T20:15:56-02:00,Support for automatically sign tags and commits in a keyring.,Silvio Rhatto
+29,Use a memory buffer as a temporary storage,security,2.0.0,hardened,task,Silvio Rhatto,new,2013-11-14T16:08:13-02:00,2013-11-14T16:08:13-02:00,We could go beyound [ticket:13 ramdisk checks] and use a memory buffer as [ticket:13#comment:1 suggested].,Silvio Rhatto
+31,Enhanced output,usability,2.0.0,hardened,task,Silvio Rhatto,new,2013-11-16T14:13:21-02:00,2013-11-16T14:13:21-02:00,Improved keyringer general output with some fancy stuff.,Silvio Rhatto
+33,Incorporate features from pass,usability,2.0.0,hardened,task,Silvio Rhatto,new,2013-11-26T16:42:22-02:00,2013-11-26T16:42:22-02:00,"Incorporate functionalities and behavior from [http://zx2c4.com/projects/password-store/ pass], including a migration action.",Silvio Rhatto
+35,Integration with git-remote-gcrypt,security,2.0.0,hardened,task,Silvio Rhatto,new,2013-12-13T11:29:37-02:00,2013-12-13T11:29:37-02:00,"Provide integration with [https://github.com/blake2-ppc/git-remote-gcrypt git-remote-gcrypt] by syncing keyringer's recipient configuration with git-remote-gcrypt's {{{remote.<name>.gcrypt-participants}}} and {{{gcrypt.participants}}}.
+",Silvio Rhatto
+36,Threat model,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-01-10T16:53:05-02:00,2014-01-10T16:53:05-02:00,Write keyringer threat model.,Silvio Rhatto
+39,Check action,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-02-24T20:28:04-03:00,2014-02-24T20:28:04-03:00,Implement {{{keyringer <keyring> check}}} with maintenance and check operations.,Silvio Rhatto
+40,Canary,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-02-24T20:28:26-03:00,2015-05-28T19:47:42-03:00,Keyringer's canary implementation.,Silvio Rhatto
+43,Signed recipients,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-06T18:39:41-03:00,2014-03-06T18:39:41-03:00,Signed recipient configuration that can be changed just by recipient members.,Silvio Rhatto
+45,Support for git-annex,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-14T11:02:39-03:00,2014-03-14T11:07:20-03:00,Support [http://git-annex.branchable.com/ git-annex] so large files can be managed easily.,Silvio Rhatto
+46,Key import/export,packaging,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-14T11:16:57-03:00,2014-04-11T15:10:34-03:00,"Add {{{export-keys}}}, {{{export-secret-keys}}} and {{{import-keys}}} actions which export/import keys from the OpenPGP keyring to a keyringer secret.
+
+This is useful for sharing an OpenPGP Role Key, backing up collective/mailing list keys and also use keyringer as an alternative sharing scheme for OpenPGP keys other thank keyservers.
+
+Key refreshing from {{{keyringer <keyring> check}}} might have a feature to not use keyservers and instead refresh keys just from the keyring repository.",Silvio Rhatto
+47,Report on secret's encryption dates,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-18T11:59:33-03:00,2014-03-27T22:14:09-03:00,Report generation to inform users the last time a secret was updated. Useful to alert about passwords that should be changed regularly.,Silvio Rhatto
+48,Consider --compress-algo NULL,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-18T16:20:26-03:00,2014-03-27T23:17:26-03:00,"the openpgp mailing list has a discussion right now about the riskiness of the use of compression when compressing password files when an attacker can observe the size of the file and can force the user to add a new password of the attackers' choosing (similar to the TLS CRIME attack):
+
+ https://www.ietf.org/mail-archive/web/openpgp/current/msg07252.html
+
+I haven't thought through all the consequences here yet, but it's possible that we should ensure that keyringer always uses --compress-algo NULL when encrypting any of its data files.",Daniel Kahn Gillmor
+54,Check recipients before decrypt/recrypt,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-04-06T20:12:12-03:00,2014-04-06T20:12:12-03:00,"Check if user can {{{decrypt}}}/{{{recrypt}}} a given secret based on recipient configuration.
+
+This check doesn't need to be made with {{{encrypt}}} action as it's desirable to allow users to encrypt secrets which they won't be able to decrypt -- that's the case when the user is not listed in the recipient file corresponded to the secret path.",Silvio Rhatto
+56,Hidden recipient support,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-04-11T15:56:20-03:00,2014-04-11T15:56:20-03:00,"Support for {{{--hidden-recipient}}} GnuPG option to hide user metadata from the keyring. To be effective, recipient and other configuration will also need to be encrypted using the same option.
+
+This also raises a couple of questions:
+
+ 1. How to check signatures in recipient files and other configuration without having to decrypt the file?
+ 2. Or maybe is better to just recommend people to setup pseudonymous OpenPGP keys and do not implement the {{{--hidden-recipient}}} feature?",Silvio Rhatto
+57,Signed and encrypted config files,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-04-11T16:03:50-03:00,2014-04-11T16:03:50-03:00,"Setup signed and optionally encrypted files for recipients, options, etc.
+
+Consider if keyringer should sign all recipients and check if the OpenPGP signature made in the recipient file matches one of the OpenPGP fingerprints stored inside the recipient.
+
+Also, consider to encrypt a recipient just to the listed OpenPGP fingerprints.
+
+While this doesn't guarantee that an attacker having write access to a repository cannot sneak an OpenPGP fingerprint inside a recipient file, it's an additional check.
+
+Maybe some other complex signature chain check could be built to ensure recipient files were not tampered.",Silvio Rhatto
+60,Secret padding,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-04-16T17:58:10-03:00,2014-04-16T17:58:10-03:00,Pad secrets with garbage before encryption to avoid size-based attacks. Unpad upon decryption.,Silvio Rhatto
+61,Incorporate features from pwd.sh,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-05-04T11:39:17-03:00,2014-05-04T11:39:17-03:00,Incorporate features from [https://github.com/stef/pwd.sh pwd.sh].,Silvio Rhatto
+68,Abstract gpg and git,packaging,2.0.0,hardened,task,Silvio Rhatto,new,2015-02-08T13:23:02-02:00,2015-02-08T13:23:02-02:00,"Abstract references to git and gpg with variables, increasing keyringer's portability and allowing the user to use custom 'git' and 'gpg' implementations like wrappers or those installed locally and not system-wide.",Silvio Rhatto
+73,KRunner compatibility,usability,2.0.0,hardened,task,Silvio Rhatto,new,2015-11-12T13:37:27-02:00,2015-11-12T13:37:27-02:00,See [https://github.com/rhatto/keyringer/issues/2# gpg: cannot open tty `/dev/tty' when keyringer run in KRunner · Issue #2 · rhatto/keyringer · GitHub].,Silvio Rhatto
+74,Missing README file,packaging,2.0.0,hardened,task,Silvio Rhatto,new,2015-11-12T13:38:32-02:00,2015-11-12T13:38:32-02:00,See [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799256 #799256 - keyringer: Missing README file - Debian Bug report logs].,Silvio Rhatto
+4,Enhanced help,usability,2.0.0,library,task,Silvio Rhatto,assigned,2012-06-28T00:57:31-03:00,2014-03-27T22:48:13-03:00,Enhanced command-line help: applications should be more verbose about it's usage.,Silvio Rhatto
+66,Puppet integration,packaging,2.0.0,library,task,Silvio Rhatto,new,2014-09-04T13:35:31-03:00,2015-09-26T09:38:14-03:00,"Puppet integration with:
+
+ 1. Keyringer installation using git or package.
+ 2. Management of keyrings, including regular checks on recipient keys validity.
+ 3. Function ""keyring"" to read secrets with similiar hierarchical lookups similar to hiera. ",Silvio Rhatto
+70,Browser integration,usability,2.0.0,library,task,Silvio Rhatto,new,2015-05-31T10:13:37-03:00,2015-05-31T10:13:37-03:00,Integration with web browsers for password management.,Silvio Rhatto
+71,YAML store,usability,2.0.0,library,task,Silvio Rhatto,new,2015-07-20T18:37:45-03:00,2015-07-20T18:37:45-03:00,YAML store with optional JSON output.,Silvio Rhatto
+81,Task manager,usability,2.0.0,library,task,,new,2017-08-31T08:58:06-03:00,2017-08-31T09:15:51-03:00,"Task manager action and subcommands for keyringer:
+
+{{{
+keyringer <keyring> task ls [status] # list tasks
+keyringer <keyring> task view <id> # get task details
+keyringer <keyring> task new # create a task
+keyringer <keyring> task update <id> # edit a task
+keyringer <keyring> task status <id> <new-status> # change task status
+}}}
+
+Proposed folder structure:
+
+{{{
+keys/tasks/<status>/id
+}}}
+
+Notes:
+
+* Changing task status just moves the task file to a new folder.
+* Encryption/decryption is done transparently using regular keyringer actions.
+* Allow field definitions using YAML inside each task file.
+* Milestones could be folders with symlinks to existing tasks or YAML files with task references.",Silvio Rhatto
+63,Keyring name should not contain dot character,usability,1.0.0,,enhancement,Silvio Rhatto,new,2014-07-19T23:00:47-03:00,2016-12-29T14:40:41-02:00,"Creating a keyring with a dot character in its name will produce unintended behavior in bash tab completion. The reason is that the .keyringer/config is sourced as seen in https://keyringer.pw/trac/browser/lib/keyringer/completions/bash/keyringer#L72.
+
+I would suggest to not let use initiate a keyring with a dot character in its name.",irregulator
+44,Xclip error,usability,2.0.0,hardened,defect,Silvio Rhatto,new,2014-03-06T18:40:20-03:00,2014-04-17T16:38:46-03:00,"Check {{{xclip}}} error that happens sometimes:
+
+{{{
+Error: target STRING not available
+}}}",Silvio Rhatto
+28,File extension discovery,security,2.0.0,hardened,task,Silvio Rhatto,new,2013-11-14T14:43:59-02:00,2014-04-17T16:39:32-03:00,"Altough some applications called by {{{xdg-open}}} use a file content to determine it's MIME type, right now we're relying on file extensions to make sure every application is supported, but with the downside of revealing the file extension in the keyring repository.
+
+One alternative would be to reset {{{TMPWORK}}} depending on the MIME type returned by {{{file -i}}} or {{{xdg-mime query filetype}}}.",Silvio Rhatto
+38,Enhanced error verbosity,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-02-12T12:14:16-02:00,2014-04-17T16:39:24-03:00,"Be more verbose on error handling, implementing functions like {{{warning()}}} and {{{fail()}}} to output errors with uppercase prefixes.",Silvio Rhatto
+51,OneTime integration,security,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-27T21:42:57-03:00,2014-04-17T16:43:30-03:00,"Integration with [http://www.red-bean.com/onetime/ OneTime] ({{{onetime}}} action), so {{{keyringer}}} acts as a wrapper to keep {{{pad-records}}} updated and OpenPGP encrypted+signed in the keyring repository.
+
+Keyringer won't distribute the shared secret by default, but will help pad metadata to be kept in sync. It could also have a helper action {{{onetime-gen}}} to help with secret generation.",Silvio Rhatto
+52,Plugin support,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-27T22:40:02-03:00,2014-04-17T16:39:18-03:00,"Support for easily deployable {{{keyringer}}} plugins like git does, where any executable available on {{{$PATH}}} whose name starts with {{{keyringer-}}} can be accessed directly through {{{keyringer}}}.
+
+As an example, an executable name {{{keyringer-magic}}} could be accessed via
+
+{{{
+keyringer <keyring> magic [arguments]
+}}}
+
+Plugins could be written in any language and their only requisite is to accept the keyring basedir as the first command line argument.
+
+That seems feasible with a couple changes at {{{keyringer_exec}}} and {{{keyringer_has_action}}}.",Silvio Rhatto
+16,ZSH completion upstream,packaging,2.0.0,library,task,somebody,new,2013-09-16T23:03:15-03:00,2014-04-17T16:44:09-03:00,"Request [ticket:2 zsh completion] to be included upstream once it's mature, as discussed [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717540 here].",Silvio Rhatto
+24,New logo,usability,2.0.0,library,task,somebody,new,2013-10-14T15:50:19-03:00,2014-05-16T14:28:15-03:00,"New keyringer logo, using the [https://www.schneier.com/blog/archives/2012/08/shared_lock.html shared lock] idea.",Silvio Rhatto
+58,Message board,usability,2.0.0,library,task,Silvio Rhatto,new,2014-04-11T16:09:08-03:00,2014-04-17T16:45:20-03:00,"Could we add a message board implementation atop keyringer with indexing, threads, metadata, read and compose? Maybe using the [ticket:45 annex]? :)",Silvio Rhatto
+42,Mailing list,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-03-06T18:39:18-03:00,2014-04-17T16:38:39-03:00,Do we need a mailing list?,Silvio Rhatto
+59,Hidden service howto,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-04-11T16:11:27-03:00,2014-04-17T16:45:29-03:00,"Add simple instructions to how managing remote repositories, covering the special case of a standar repository or a {{{gitolite}}} managed repository server behind a Tor hidden service.",Silvio Rhatto
+67,Document tips,usability,2.0.0,hardened,task,Silvio Rhatto,new,2014-09-12T15:33:20-03:00,2014-09-12T15:33:48-03:00,"Document miscelaneous tips, including:
+
+ * How to migrate from other password managers.
+ * How to move secrets between keyrings.",Silvio Rhatto
+23,Portuguese translation,usability,2.0.0,library,task,somebody,new,2013-10-04T13:15:15-03:00,2014-04-17T16:43:39-03:00,Translate documentation to portuguese.,Silvio Rhatto
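Review bot: the rows added to TODO.csv all have status new, assigned or reopened and carry only the ticket description, so several references inside them point at material the archive does not contain: ticket 29 cites `[ticket:13 ramdisk checks]` and `[ticket:13#comment:1 suggested]`, ticket 16 cites `[ticket:2 zsh completion]`, and neither ticket 13 nor ticket 2 appears in the file. Ticket 63 also links into `https://keyringer.pw/trac/browser/`. If the trac instance is being retired, consider exporting closed tickets and comments as well, or stating in the commit message that the archive covers open tickets only. The rows are also not ordered by ticket number (55, 80, 75, 3 and so on); sorting on the first column before committing would make later edits to this file easier to review.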
diff --git a/index.md b/index.md
index 6c1849a..05cb55b 100644
--- a/index.md
+++ b/index.md
@@ -6,7 +6,8 @@ commands to encrypt, decrypt, recrypt, create key pairs, etc.
- Project page: [https://keyringer.pw](https://keyringer.pw)
- Manpage: [keyringer.1](share/man/keyringer.1)
- License: [GPLv3+](LICENSE)
-- Issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac)
+- Current issue tracker: `TODO.csv` from repository (please consider helping me migrate to bugs-everywhere or a `TODO.md`).
+- Archived issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac)
- Tor hidden service: [http://4qt45wbulqipigwa.onion](http://4qt45wbulqipigwa.onion)
- Releases: [https://keyringer.pw/releases](releases)
- Contact: rhatto at riseup.net
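Review bot: the new `Current issue tracker` line in index.md gives `TODO.csv` as inline code rather than a link, while the neighbouring entries `[keyringer.1](share/man/keyringer.1)` and `[GPLv3+](LICENSE)` use relative links; `[TODO.csv](TODO.csv)` would match them and be clickable in the rendered page. The `Archived issue tracker` entry still points at `https://keyringer.pw/trac`, so it is worth confirming that URL stays reachable after archiving, or rewording the entry to say the archived content now lives in the CSV.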