$Id: deliverables.txt,v 1.1.1.1 2008/09/10 09:32:57 agcrooks Exp $

Deliverables of the project
===========================

This is the list of deliverables that will conform the project during
the Google's Summer of Code.

They are written in priority order, from highest to lowest.

Each deliverable contains five elements: name, short description, main
ideas it has to afford and a qualitative current status. Deadlines are
specified in the file "Schedule" in the root directory of the project
CVS repository.

1. Mandatory deliverables
-------------------------

This deliverables must be done by the end of the Summer of Code
(September 1st).

1.1. Project description
------------------------

The project description it's the presentation of the project, aimed to
people unaware of the project and what PGP is.

It must contain:

* Introduction: what is BPG, what is a privacy guard, motivation for
  writing it when there are already other programs for the same
  problems, etcetera.

* General description: for what can BPG used, and how to do it (very
  generally).

* Goals: what we try with the project, where we want to get.

* License

* Authors

Status: done

1.2. Use cases document
-----------------------

The use cases document contains examples of different scenarios we
want the application to cover.

It must contain:

* OpenPGP message processing use cases: use cases defined in OpenPGP
  for messages, such as encrypt files, sign files, compression and so
  on.

* Key management use cases: which things must BPG allow to do with
  keys.

* Extensibility use cases: where and why must the application support
  being extended.

* Additional features: other features we want the application to
  support and don't fit well in the previous areas.

Status: done

1.3. Architecture document
--------------------------

This document will show the architecture of the system.

It must contain:

* High level description: which modules will conform the program, and
  how will they interact between them and with the user.

* Subsystems: how does each module work internally (rather detailed
  description for each module).

Status: done

1.4. Key management document
----------------------------

The key management document will contain an explanation on the way BPG
will handle keys.

It must contain:

* Introduction: what key management is and which are its needs in a
  PGP-like application.

* Data structures: how will the keys be stored in the system.

* Trust model: what is the trust model and how will it be implemented
  in BPG.

* Compatibility issues: which efforts are going to be done for making
  BPG compatible with which versions of what PGP-like programs.

Status: done

1.5. Security document
----------------------

The security document must cover all the security issues related to
the nature of the project. Also, it's important to analyze here the
security flaws of other PGP-like projects (mainly GnuPG).

It must contain:

* Key management security issues: security considerations derived from
  key management, for instance how to store the keys to make them
  inaccesible.

* Secure coding guidelines: list of secure coding measures people
  writing code for the project must take into account.

* Security in GnuPG: description of good and bad design solutions in
  GnuPG in terms of security.

* Robustness against attacks: analysis on how to make the system
  robust against different known attacks, as time-based attacks or
  capturing computer emissions.

Status: done

1.6. Man pages
--------------

Man pages describing the usage of the different elements of the
system: user interfaces and libraries.

Status: done for what is coded, that is, `bpg' library.

1.7. Test framework
-------------------

Writing an integrated test framework. Typing "./Test" in the root
directory must work.

Status: done

1.8. Code base
--------------

Writing enough code for building the program and making functional
tests to pass.

Status: done, though much functionality has been left out, such as encryption
and key management.

2. Optional deliverables
------------------------

These are the deliverables that would be desirable to be finished by
the end of the Summer of Code (September 1st).

2.1. API tester
---------------

Write a scriptable API tester.

(This became the current bpg_ruby library)

Status: done

2.2. Libraries code
-------------------

Fill libraries skeleton with muscle.

2.1.1. bpg (former "data-security")
----------

Status: signing and verification work

2.1.2. bpg-key (former "key-management")
--------------

Status: empty

2.3. Command-line user interface
--------------------------------

Writing a standalone command-line interface for BPG.

Status: signing and verification work

2.4. BPG user guide
-------------------

Write a guide explaining the functionalities and usage of BPG. This
guide can integrate the former documentation, as the project
description, architecture, security, etcetera.

Status: empty

