DonationCoder.com Software > fSekrit

Development: progress and thougts

(1/4) > >>

f0dder:
I figured it's about time I write down some thoughts on the future of fSekrit in one (hopefully coherent) thread, rather than having bits and pieces spread across various other threads. So, without further ado, here goes a braindump :)

Current state of fSekrit
The program is relatively close to being feature-complete, at least in the context of the features I originally envisioned. A few of the unimplemented features require a fair amount of code, however, feature count isn't everything.

Not all code is as clean as I would ideally want, there's a fair amount of commenting and documenting to be done, and a bunch of refactoring as well. Work has been started on this.

There's currently no test suite, which is... pretty bad. There's been a few bugs that a test suite would/should have caught. Never really found any C++ unit testing framework I liked, but I recently bumped into gtest which actually looks pretty decent. Feedback?

Overall, I'd say that the project is in relatively good shape.

fSekrit in the future
Keywords:

* Modularizing - progressing nicely, "sekritCore" close to done.
* Documentation - update & cleanup existing. (Internals, not readme.txt)
* Unit testing - not started.
* Key derivation - implement PBKDF2 instead of sha256(passphrase).
* Tabbed interface - multiple "document streams" in one container. Work has been started.
* Mass upgrader - automate upgrading of editor part of documents.
* Open-source - unleash the source code unto the world.
The current goals are towards cleaning up the source code, before new functionality is added. This means modularizing, documentation, unit testing. Work is progressing nicely (load-code has been refactored & works, save is yet to come), but there's still a fair amount of work to be done. Executable size has bloated a bit, but once unit tests are in place and refactoring is done, some code will be specialized instead of using standard C++ containers, which should bring code size down to the size of 1.40 - perhaps even a bit smaller.

Once cleanup is done, I'll have to decide on whether I want to open-source the project first, or if some of the missing features should be implemented. I'm leaning towards open-sourcing first, perhaps implementing PBKDF2 first. Feedback?

Opensourcing fSekrit
I've been wanting to do this for a while, it's something that has been planned pretty much from the beginning. I didn't want to release the code before it is "decent enough", though - I'll have to admit that some revisions haven't exactly been top-grade code :)

There's various decisions to be made wrt. opening the source. One of them is license - it's definitely not going to be the horribly yucky GPL. Basically I don't want anybody making money off my work, I want attribution if my code is re-used, and I'd prefer to stay in charge (though this last requirement needn't be enforced in the license). Feedback?

There's also the issue of hosting. Forum and binary downloads probably still fit just fine on donationcoder.com and dcmembers.com, but I'm not sure what to do with the source code. I'm considering SourceForge or GoogleCode, dunno if there's other/better choices. Feedback?

At least initially, I'm going to keep the subversion repository on my own private server, and let people contribute patches if they want. Source code previous to the open-sourced version won't be public available. Eventually, it'd be nice to have updates to my own repository mirrored to a public repository; this really screams "move to a DVCS". Feedback?

I might want some bug tracking / feature request system as well... that would probably come with the source hosting. I've used RedMine a bit, and that's the one I've been liking best - trac is apparently nice, but looks a bit unpolished.

mouser:
Sounds nice.
We have a redmine set up on http://redmine.dcmembers.com -- if you create an account i'll make an fsekrit project for you there.
The multiple document streams idea sounds interesting..

f0dder:
We have a redmine set up on http://redmine.dcmembers.com -- if you create an account i'll make an fsekrit project for you there.-mouser (February 01, 2010, 03:23 AM)
--- End quote ---
Thanks, but I don't need it right now - I have redmine on my private server, and I use ToDoList for managing stuff right now... it's when opensourcing the project that issue-tracking might come in handy, and I expect whatever source hosting to provide issue tracking. If it doesn't, or it sucks, I'll definitely take up your offer, though :)

The multiple document streams idea sounds interesting..-mouser (February 01, 2010, 03:23 AM)
--- End quote ---
Yep, and it's something that has been requested by users. And I can definitely use it myself to organize my passwords.exe a bit better :)

Btw, another thing I'm considering is a BeyondCompare plugin so fSekrit documents can be compared without decrypting temporarily to disk - I'll have to check out how much work this requires, but it's definitely also something I could use myself... sometimes I add new password entries on my laptop, and end up with files that are out of sync. Having factored the container load/save stuff out to a separate project was a prerequisite for even considering this.

Lashiec:
There's various decisions to be made wrt. opening the source. One of them is license - it's definitely not going to be the horribly yucky GPL. Basically I don't want anybody making money off my work, I want attribution if my code is re-used, and I'd prefer to stay in charge (though this last requirement needn't be enforced in the license). Feedback?
-f0dder (January 31, 2010, 05:48 PM)
--- End quote ---

Custom license? :D

I doubt you will find any license that fulfill all the requirements, but except for the last one, you may find something in the OSI list. The Non-Profit Open Software License 3.0 sounds good. Alternatively, I found something at the Fedora wiki

It seems you have the same problem as the bsnes author had a while ago. Pity that his custom license has been retired (he's using the GPLv2 now, heh). Of course, any custom license might not hold up in court, unless you have it reviewed by an experienced lawyer.

f0dder:
Wow, that bsnes blog post is long - might read it a bit later.

I was considering Creative Commons Attribution-Noncommercial-Share Alike, as I think :p it supports the attribution and non-commercial aspects that I want. The Attribution-Noncommercial-No Derivative Works would also add the "stay in charge" aspect, but it seems a bit draconian.

Navigation

[0] Message Index

[#] Next page