Community Bonding Period

• Write proof-of-concept to test Python's GPGME bindings.
• Research disk handling with Python
• Research smartcard handling and key generation with Python
• Write a proper threat model for offline master key storage
• Locate various communities around these tools (gnupg-users, etc) to assist when stuck.

Week 1

• Write "user stories"
  • Figure out what exactly the user wants to do, what information we need from them, and how that maps to the traditional GPG key generation process
• Use these stories to restructure the UI

Week 2

• Finish restructuring
  • It's really important to get this right before I start writing the major parts of this application
• Skeleton UI

Week 3

• Disk handling UI
  • This is basically what makes or breaks this application so it has to work and work really well
• Test disk handling UI on as many removable storage devices as I can get my hands on

Week 4

• Test everything we have so far
• Automated testing for python-newt
  • Allow tests to mock user input and write tests to take advantage of this
• Overflow for anything not finished on schedule

Evaluation Period 1 / Week 5

• Generate GPG keys on disk
• Add keysigning and revocation process

Week 6

• Support for exporting to a smartcard
• Generate GPG keys on a smartcard

Week 7

• Generate GPG keys on a smartcard
  • Two weeks is a long time for developing support to generate keys on a smartcard, but this operation does not appear to be supported by GPGME

Week 8

• Test everything
• Overflow for anything not finished on schedule

Evaluation Period 2 / Week 9

• Call for testing from the wider Debian/FLOSS community
• Create a Debian package for the pgp-clean-room application and submit it to mentors.d.o

Week 10

• TBD

Week 11

• TBD

Week 12

• TBD

Week 13

• Testing, testing and more testing
• Overflow for anything not finished on schedule
• Debconf18? (Would need sponsorship, but I don't want to apply for that unless I have a project to present about)

Evaluation Period 3 / Week 14

• Incorporate translations and community testing
• Bug fixes

Misc

Would like to do these if I have time but we'll see how this goes

• PKI/CA UI
  • Scripts for this already exist on the PGP Clean Room, so this would simply be a matter of exposing them via python-newt
• Secure the Live Environment as much as possible
  • Minimize local packages, remove device drivers for anything that's not keyboard/mouse/storage/graphics
• Prepare application for translation
  • Research Debian's translation infrastructure and reach out to the appropriate teams to have the application translated
• Alternative UI (Qt, GTK, etc)