mirror of
https://github.com/feather-wallet/feather.git
synced 2024-12-22 11:39:25 +00:00
136 lines
5 KiB
Markdown
136 lines
5 KiB
Markdown
## Maintenance priority
|
|
|
|
This document is written for developers and users interested in learning how Feather is developed.
|
|
|
|
### 1. Security
|
|
|
|
- Fix security issues and privacy leaks affecting Feather
|
|
- Note: If you believe to have found a vulnerability, please refer to [SECURITY.md](SECURITY.md)
|
|
- Rebase the Monero submodule on top of the latest `monero-project/monero` tag
|
|
- Monero releases may contain undisclosed security fixes
|
|
- Update or patch statically linked dependencies that have known vulnerabilities
|
|
- Run `feather-utils/depends/vulns.py` to check
|
|
- Review the diff of any altered package to mitigate the risk of supply chain attacks
|
|
- Update compilers and security flags for better binary security
|
|
- Reduce the number of third-party dependencies
|
|
- Keep the [website](https://github.com/feather-wallet/feather-site/blob/master/mirrors.txt) VPS up-to-date and secure
|
|
- Contact relevant authorities to take [phishing sites](https://gist.github.com/tobtoht/4039fa3cf922d4fe8bca2f8e3ddac63b) offline
|
|
- Make improvements to the [release process](RELEASE.md)
|
|
|
|
Goals:
|
|
|
|
- Set up a bug bounty program for issues that affect privacy or security
|
|
- Set up a status page with information about project health
|
|
- Set up a feed for security bulletins
|
|
- Sandbox components that handle untrusted input (e.g. QR code scanner)
|
|
- Create a package manager for secure distribution of portable binaries
|
|
- `-static-pie` release binaries for Linux targets
|
|
|
|
Security issues that affect Feather always warrant a new release as soon as possible.
|
|
|
|
### 2. Continuity
|
|
|
|
- Keep the website and services online
|
|
- Keep source repositories accessible
|
|
- Make sure that running release builds is easy to set up and reproducible in time
|
|
|
|
Goals:
|
|
|
|
- Make sure the project is transmissible
|
|
- Make sure that setting up release infrastructure, release engineering, and maintenance are extensively documented
|
|
- Make the websocket server repository public
|
|
|
|
### 3. Reproducibility
|
|
|
|
- Improve and maintain tools to check for non-determinism
|
|
- Ensure releases are reproducible and stay that way
|
|
- Upload source archives to the fallback mirror
|
|
|
|
To learn more about Feather's build system, see: [`contrib/guix/README.md`](https://github.com/feather-wallet/feather/blob/master/contrib/guix/README.md)
|
|
|
|
[Bootstrappable builds](https://bootstrappable.org/) are a requirement for all release builds since version 2.2.2.
|
|
Our Guix time-machine is currently pinned at a commit which implements the
|
|
[Full-Source Bootstrap](https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/).
|
|
|
|
### 4. Bugs
|
|
|
|
- Fix bugs and crashes
|
|
|
|
To report a bug, please see: https://docs.featherwallet.org/guides/report-an-issue
|
|
|
|
### 5. Tests
|
|
|
|
- Improve test coverage
|
|
- Write more test cases
|
|
|
|
Feather does not currently have a test suite (apart from the tests in the Monero submodule), this is a WIP.
|
|
|
|
### 6. Documentation
|
|
|
|
- Make sure the documentation accurately reflects the latest release
|
|
- Add troubleshooting guides for common problems
|
|
|
|
Goals:
|
|
- Most support questions can be answered with a link to the documentation
|
|
- Reconsider and document default settings
|
|
- Write a document on threat modeling
|
|
|
|
Documentation is available at https://docs.featherwallet.org
|
|
|
|
### 7. Improvements
|
|
|
|
- Improve existing features
|
|
- Improve UI/UX
|
|
|
|
Feather should first and foremost be a good __wallet__.
|
|
Improving features that are closer to this end should have priority.
|
|
|
|
### 8. Platform Support
|
|
|
|
- Add support for more architectures and operating systems
|
|
- Drop support for End-of-Life distributions
|
|
- Add support for new hardware wallets
|
|
|
|
See: https://docs.featherwallet.org/guides/supported-operating-systems
|
|
|
|
### 9. Optimization
|
|
|
|
Miscellaneous maintenance tasks.
|
|
|
|
- Remove dead code
|
|
- Fix compiler warnings
|
|
- Optimize release binary size
|
|
- Speed up the [release process](RELEASE.md)
|
|
- Automate recurrent maintenance tasks
|
|
- Refactor code that is in need of refactoring
|
|
- Add comments to the code where necessary
|
|
- Reduce complexity in the codebase where possible
|
|
- Improve documentation for developers and maintainers
|
|
- Keep the build system, toolchain and dependencies modern
|
|
- Remove features if their maintenance burden outweighs their usefulness
|
|
|
|
Goals:
|
|
|
|
- Make sure Feather is ready for the migration to [FCMP++](https://www.getmonero.org/2024/04/27/fcmps.html)
|
|
|
|
### 10. Features
|
|
|
|
- Implement new features
|
|
- Allow Feather to be used or configured for higher, esoteric or new threat models
|
|
- Add experimental features that may later be adopted in the reference wallets
|
|
- Add features that are generally useful and relevant
|
|
|
|
Every added feature increases the amount of work needed to maintain Feather. Consider the usefulness of a feature
|
|
compared to its expected maintenance and support burden.
|
|
|
|
For a non-exhaustive list of potentially new features, see: https://featherwallet.org/ideas
|
|
|
|
### 11. Upstreaming
|
|
|
|
- Upstream tried and tested features, bugfixes and useful patches
|
|
- Bugfixes should be upstreamed without delay
|
|
|
|
Goals:
|
|
|
|
- Upstream polyseed
|
|
- Upstream bootstrappable builds using Guix as a replacement for the now deprecated Gitian build system
|