Skip to content
Snippets Groups Projects

Thandy

Last edited by Gaba

Projects for Thandy

Here are some things we must do to get Thandy integrated to the bundles:

  • Implement a PackageSystem for OSX, and another for whatever win32 package system we're on by then. We'll need to figure out what features our current packages lack, and how best to get them. I think that we only partially have a Thandy 'upgrade system' implementation like this for win32, and we have no 'upgrade system' like this implemented for osx. So Thandy's current requirements for an upgrade system are that there be:
    • Some good way to install packages
    • Some way to tell which version of a package is installed
    • Maybe, some way to remove packages
  • Set up a testing Thandy repository with testing roles.
  • Build a set of initial packages for one or two bundles. Set up thandy to update those bundles. Test it.
  • Solve other issues as identified by testing.
  • Either internationalization, a simple gui frontend, or both.

Here are some things that we should do that would help Thandy-and-bundle integration:

  • Split the bundles into separate packages that can get upgraded separately.
  • Maybe, move our windows packages to MSI.

Here are some things we could do that would help Thandy-and-bundle integration.

  • Maybe, port the Thandy client to some language or runtime that is easier for Windows use than Python.

Here are some things that we ought to do not necessarily related to Thandy-and-bundle integration:

  • Grab and reintegrate all the "good ideas" from TUF. I think Justin wanted to help with this.
  • Maybe, give thandy the ability to remove ancient files from its cache.
  • Solve mirrorability issues raised by weasel on or-dev.

Security issues from the old TODO:

  • Check SSL certs or something in urllib2. Not that Thandy really cares about repositories getting mitm'd.
  • Notice exceptionally slow bandwidths; treat as failure-like.
  • Make sure we actually verify that timestamps in files listed in ts file match ts file's declared timestamps for them. Spec this.
  • Never replace a file with one that has an older timestamp. Spec this.
  • Fallback locations to find starting metafiles in, if we don't have any cached yet.
  • Make file lengths mandatory; specify their use completely.

Other things from the old TODO:

  • Multi-item packages
  • Package-remove support

Comments

    Please register or sign in to add a comment.