Community Bonding Period
- Write proof-of-concept to test Python's GPGME bindings.
- Research disk handling with Python
- Research smartcard handling and key generation with Python
- Write a proper threat model for offline master key storage
- Locate various communities around these tools (gnupg-users, etc) to assist when stuck.
Week 1
- Write "user stories"
- Figure out what exactly the user wants to do, what information we need from them, and how that maps to the traditional GPG key generation process
- Use these stories to restructure the UI
Week 2
- Finish restructuring
- It's really important to get this right before I start writing the major parts of this application
- Skeleton UI
Week 3
- Disk handling UI
- This is basically what makes or breaks this application so it has to work and work really well
- Test disk handling UI on as many removable storage devices as I can get my hands on
Week 4
- Test everything we have so far
- Automated testing for python-newt
- Allow tests to mock user input and write tests to take advantage of this
- Overflow for anything not finished on schedule
Evaluation Period 1 / Week 5
- Generate GPG keys on disk
- Add keysigning and revocation process
Week 6
- Support for exporting to a smartcard
- Generate GPG keys on a smartcard
Week 7
- Generate GPG keys on a smartcard
- Two weeks is a long time for developing support to generate keys on a smartcard, but this operation does not appear to be supported by GPGME
Week 8
- Test everything
- Overflow for anything not finished on schedule
Evaluation Period 2 / Week 9
- Call for testing from the wider Debian/FLOSS community
- Create a Debian package for the pgp-clean-room application and submit it to mentors.d.o
Week 10
- TBD
Week 11
- TBD
Week 12
- TBD
Week 13
- Testing, testing and more testing
- Overflow for anything not finished on schedule
- Debconf18? (Would need sponsorship, but I don't want to apply for that unless I have a project to present about)
Evaluation Period 3 / Week 14
- Incorporate translations and community testing
- Bug fixes
Misc
Would like to do these if I have time but we'll see how this goes
- PKI/CA UI
- Scripts for this already exist on the PGP Clean Room, so this would simply be a matter of exposing them via python-newt
- Secure the Live Environment as much as possible
- Minimize local packages, remove device drivers for anything that's not keyboard/mouse/storage/graphics
- Prepare application for translation
- Research Debian's translation infrastructure and reach out to the appropriate teams to have the application translated
- Alternative UI (Qt, GTK, etc)