[HTTPS-Everywhere] tentative feature/architecture roadmap

Andrés Arrieta andres at eff.org
Tue Jan 16 11:19:00 PST 2018 

Thanks a lot for this list!

Andrés Arrieta
Electronic Frontier Foundation | Tech Projects Manager
W: 415.436.9333 x123

On 15/01/18 12:15, Sumana Harihareswara via HTTPS-Everywhere wrote:
> I should have mentioned that the UI step in #3 might also include, per
> Jeremy Nation's suggestion in
> https://github.com/EFForg/https-everywhere/issues/12606#issuecomment-330706469
> , a design decision on whether and how to let the user
> enable/disable/reset signed rulesets.
>
> On 01/09/2018 10:20 PM, Sumana Harihareswara wrote:
>> I've been reading past issues and asking Bill and Jeremy a few
>> questions, and as I see it, this is a tentative roadmap for the next
>> several steps for HTTPS Everywhere, in terms of major architectural changes.
>>
>> As it is, as I see it, because Bill's just keeping his head above water
>> keeping up with issue and pull request traffic, the project's making
>> pretty slow progress on the features below. So these don't come with any
>> particular schedule estimates. But the rough draft here might make
>> clearer the *order* things would happen in:
>>
>>
>>
>> 1. Signed rulesets
>> https://github.com/EFForg/https-everywhere/tree/sign-rulesets
>>
>> * Highest priority: allow EFF to sign rulesets (to allow
>>   downloading rulesets out of band with extension). Bill's task
>>   currently: restructure feature to make it comply with new APIs.
>>
>> * [Potential] Discuss how we decide which sites to include in the
>>   core ruleset. Some
>>   discussion: https://github.com/EFForg/https-everywhere/issues/12606
>>
>>         - This will probably be based on a mix of criteria including
>>           Alexa ranking and how sensitive the content is (e.g.,
>>           software downloads, banking, news and sensitive content are
>>           more important).
>>
>>         - This is an open question we need to answer to guide further
>>           decisions.
>>
>> 2. [Potential] Create dev channel for extension
>>
>> * Create a dev channel/beta channel so that testers can try new
>>   features before we release. Possibly we won't do this because
>>   merging features into this first, then having to merge again
>>   into master, would be more overhead than it's worth.
>>
>> 3. UI for update channel/signed rulesets
>>
>> * This might be rather time-consuming, because we need to design a way
>>   for the user to choose multiple sources of rulesets (perhaps calling
>>   them channels?).
>>
>> * A security audit performed by an external auditor would be
>>   particularly useful before we get well underway with this step.
>>
>> 4. More comprehensive testing
>>
>> * EFF recently had a contractor that built tests and got coveralls
>>   to do test coverage. Bill would review and get familiar with the
>>   system to see if we can improve, for instance, unit test
>>   coverage.
>>
>> 5. [Potential] Separating rulesets into their own repo
>>
>>
>>
>> I'm sure I'm getting some of this wrong and welcome corrections. But I
>> figure having this all in one thread might make it easier to understand
>> what the project's trying to prioritize.
>>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20180116/688a4c4d/attachment.sig>

More information about the HTTPS-Everywhere mailing list