ChangeLog / TODO
================

[+] New functionality
[!] Fixed error
[%] Found bug
[*] Changes in existing functionality
[-] Feature in TODO
[?] New feature in TODO

Trying to sort tasks according to their priority.

2009-12-13 v0.5
	* [-] Keeping track of failures.
	      Started (place in state files created)
	* [-] Implement static passwords;
		They might be required always or just to perform some commands
		like second-channel usage.
	* [%] GMP might leak information with reallocs of it's mpz_t
	* [?] Cleanup PPP interface. This should look like follows.
	      "State" is class implementing some basic features of 
	      state management. From this 'class' ppp is derived.
	      ppp implements high-level functions which should be used
	      explicitly to manage state information unless something
	      more fine-grained is necessary.
	* [-] Scan all FIXME/TODO entries
	* [-] Manuals
	* [-] Check bit distribution for alphabets not divisible by 2
	* [-] Improve error messages when state file is not found.
        * [?] Big thing - Move state files to /etc + SUID.
	* [?] Use locales for user messages [_("")? ]
	* [?] Config file in /etc/security
	      pam_access parses this file itself; samba(winbind) uses
	      iniparser library (on MIT license)
	* [%] Ensure that PAM session can display warning in three calls
	      to conversation function. If not, we must build a buffer
	      (See for example how winscp shows that warning)
	* [?] Use PAM_SERVICE_ERR

	Low-priority:
	* [?] Improve LaTeX output (some colors, borders?)
        * [?] Incorporate SSH key fingerprints on passcards?
	* [-] Keep lines below 75 columns? Or 80?
	* [-] off-by-one testcases; a bit tests done.

2009-12-13 v0.4
	* [!] Fixed some memory leaks.
	* [!] Ensure state loaded correctly when label/caption full
        * [+] Improve testcases so when they fail it's clearly visible.
	* [+] Fixed licensing so the project can be hosted on Savannah
	* [+] CHECK: Can pam module use openlog()? Maybe the log is already opened? I guess so...
		Seems ok. pam_unix defines pam_syslog as openlog, vsyslog,
		closelog.
	* [+] Warnings when on last passcard
	* [+] Add information to state files about last usage of second
              channel. Important to limit number of e.g. sent sms.
	      Second-channel itself still not implemented
	* [+] Calling external script for mailing/sms
	* [+] Key generation might be to slow on systems without mouse...
	      Maybe use openssl prng and initialize it from urandom?
	      Also is there any reason to use SHA256 on RANDOM data?
	      Maybe few bytes from rng + some from prng and SHA out of it?
	* [+] Place common functions inside a shared library       
	* [-] Keeping track of failures.
	      Started (place in state files created)
	* [-] Implement static passwords;
		They might be required always or just to perform some commands
		like second-channel usage.
	* [%] GMP might leak information with reallocs of it's mpz_t
	* [?] Cleanup PPP interface. This should look like follows.
	      "State" is class implementing some basic features of 
	      state management. From this 'class' ppp is derived.
	      ppp implements high-level functions which should be used
	      explicitly to manage state information unless something
	      more fine-grained is necessary.
	* [-] Scan all FIXME/TODO entries
	* [-] Manuals
	* [-] Check bit distribution for alphabets not divisible by 2
	* [-] Improve error messages when state file is not found.
        * [?] Big thing - Move state files to /etc + SUID.
	* [?] Use locales for user messages [_("")? ]
	* [?] Config file in /etc/security
	      pam_access parses this file itself; samba(winbind) uses
	      iniparser library (on MIT license)
	* [%] Ensure that PAM session can display warning in three calls
	      to conversation function. If not, we must build a buffer
	      (See for example how winscp shows that warning)
	* [?] Use PAM_SERVICE_ERR

	Low-priority:
	* [?] Improve LaTeX output (some colors, borders?)
        * [?] Incorporate SSH key fingerprints on passcards?
	* [-] Keep lines below 75 columns? Or 80?
	* [-] off-by-one testcases; a bit tests done.

	To be removed:
	* [-] Single-authentication/locking per user option to prevent DoS
	      This would enable attacker to perform just another DoS attack.
	* [-] Share objects between targets (CMake)
	      Splitting project into shared lib, util + pam is better
2008-12-02 v0.3
	* [!] Fixed some memory leaks.
	* [!] Ensure state loaded correctly when label/caption full
	* [+] Fixed licensing so the project can be hosted on Savannah
	* [-] CHECK: Can pam module use openlog()? Maybe the log is already opened? I guess so...
	* [-] Warnings when on last passcard
	* [-] Calling external script for mailing/sms
	* [-] Share objects between targets (CMake)
	      I'll rather ignore it. .so must have -fPIC, util shouldn't...
	* [?] Scan all FIXME/TODO entries
	* [?] Keep lines below 75 columns? Or 80?
	* [?] off-by-one testcase; a bit done
	* [?] manuals
	* [%] GMP might leak information with reallocs of it's mpz_t
	* [?] Single-authentication/locking per user option to prevent DoS
	* [?] Check bit distribution for alphabets not divisible by 2
	* [?] Error messages when no state file.
	* [?] Key generation might be to slow on systems without mouse...
	      Maybe use openssl prng and initialize it from urandom?
	      Also is there any reason to use SHA256 on RANDOM data?
	      Maybe few bytes from rng + some from prng and SHA out of it?
	* [?] Keeping track of failures.
	      Started (place in state files created)

2009-12-01 v0.2
	* [!] One off-by-one error fixed
	* [+] Implement label and contact setting
	* [+] Differentiate abnormal errors from normal errors
	* [+] 'next' behaviour with LaTeX (+6!)
	* [+] Decide on state file look, add version
	* [+] ppp testcase - statistical
	* [+] Check all assertions! If they don't contain anything important
	* [%] Ensure state loaded correctly when label/caption full
	* [-] CHECK: Can pam module use openlog()? Maybe the log is already opened? I guess so...
	* [-] Warnings when on last passcard
	* [-] Calling external script for mailing/sms
	* [-] Share objects between targets (CMake)
	* [-] Using Gecos field for phone information?
	* [?] Scan all FIXME/TODO entries
	* [?] Keep lines below 75 columns? Or 80?
	* [?] off-by-one testcase; a bit done
	* [?] manuals
	* [%] GMP might leak information with reallocs of it's mpz_t

2009-12-01 v0.1 first working version

	* [!] CHECK: Make testcase to check if locking file and then rewritting it has any sense.
		It didn't; rewritten code uses .lck file
	* [+] Implement/debug Retries
	* [+] Implement skipping
	* [+] Implement next functionality
	* [+] Printing 'next' passcard.
	* [+] Ensure passcards/codes passed by user are in range and won't get larger because of increments.
		Needs debuging. Especially internal incrementation.
	* [+] Ensure file permissions are always set correctly
	* [+] If not locked when storing/loading lock it for this procedure.

	* [-] CHECK: Can pam module use openlog()? Maybe the log is already opened? I guess so...
	* [-] Warnings when on last passcard
	* [-] Decide on state file look, add version
	* [-] Implement label and contact setting
	* [-] Calling external script for mailing/sms
	* [-] Share objects between targets (CMake)
	* [-] Using Gecos field for phone information?
	* [?] Keep lines below 75 columns? Or 80?
	* [?] 'next' behaviour with LaTeX (+6!)
	* [?] ppp testcase - statistical
	* [?] off-by-one testcase
	* [?] manuals

2009-11-24 intro/rapid-development TODO
== "Roadmap" to v1.0 ==
	* [-] CHECK: Can pam module use openlog()? Maybe the log is already opened? I guess so...
	* [-] CHECK: Make testcase to check if locking file and then rewritting it has any sense.
	* [-] Implement/debug Retries
	* [-] Implement skipping
	* [-] Implement next functionality
	* [-] Warnings when on last passcard
	* [-] Printing 'next' passcard.
	* [-] Ensure passcards/codes passed by user are in range and won't get larger because of increments.
	* [-] Ensure file permissions are always set correctly
	* [-] If not locked when storing/loading lock it for this procedure.
	* [-] Decide on state file look, add version
	* [-] Implement label and contact setting
	* [-] Calling external script for mailing/sms
	* [-] Share objects between targets (CMake)
	* [-] Using Gecos field for phone information?
