# HG changeset patch # User Matti Hamalainen # Date 1105496944 0 # Node ID 05db7469aeb4c29fc6d8389f0cabbe0abdd68521 # Parent 2e82a1742254efc5c719c11cb623e94d356cf0f8 More ideas diff -r 2e82a1742254 -r 05db7469aeb4 TODO --- a/TODO Wed Jan 12 02:29:02 2005 +0000 +++ b/TODO Wed Jan 12 02:29:04 2005 +0000 @@ -34,10 +34,35 @@ XSIDB if something is found. - Convenience functionality? - * retrieve latest HVSC and song-length databases automatically? - * use 'curl' or 'wget' binary or use libcurl and implement - getting of those in plugin itself? + retrieve latest HVSC and song-length databases automatically? + use 'curl' or 'wget' binary or use libcurl and implement + getting of those in plugin itself. example: + + 0) if enabled: + + 1) get "http://www.tnsp.org/xs-files/LATEST", contents might + something similar to: + +HVSC 5.8 http://... +sldb 5.8 http://... +stable 0.8.0 http://www.tnsp.org/xs-files/xmms-sid-0.8.0.tar.gz +devel 0.9.0alpha0 http://www.tnsp.org/xs-files/xmms-sid-0.9.0alpha0.tar.gz + 2) verify signature. tell user about xmms-sid updates and + ask user if he wants the HVSC/sldb updates + + 3) if yes, download updates and verify + + 4) unzip, install, etc. + + security issues: + - how to prevent dns-spoofing or other attempts + to distribute invalid data? + - if forged data is got: exploitation of further vulnerabilities + in xmms-sid or unzip/tar may be possible + - only good way would be PGP/GnuPG signing of packages, but + that might be quite hard to implement... + Crazy ideas: - Song "pre-rendering" support+position selector
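
Review bot: Step 2 of the new update procedure says "verify signature", but nothing in steps 1 to 3 says what is signed or which key is trusted, and the index is fetched over plain `http://www.tnsp.org/xs-files/LATEST`. The security notes only mention signing "packages", so as written a spoofed LATEST could list any URL or an older version without a defined check catching it. Suggest stating that LATEST itself carries a detached signature checked against a public key shipped with xmms-sid, that it lists a checksum for each archive, and that the verify in step 3 must succeed before step 4 hands the download to unzip/tar. If the fetch ends up calling the `curl` or `wget` binary, calling `gpg` the same way would answer the "quite hard to implement" concern. Minor: "contents might something similar to" is missing "be".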