From 8d53e5a1bbd432fc88287db685227aed39ff939a Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Wed, 14 May 2014 16:17:30 -0400
Subject: avoid clobbering existing env

This is necessary on windows, ssh couldn't resolve hostnames without env
for whatever reason.
---
 doc/design/assistant/sshpassword.mdwn | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'doc/design')

diff --git a/doc/design/assistant/sshpassword.mdwn b/doc/design/assistant/sshpassword.mdwn
index 8b0ac3fe3..91fc76125 100644
--- a/doc/design/assistant/sshpassword.mdwn
+++ b/doc/design/assistant/sshpassword.mdwn
@@ -53,3 +53,17 @@ prompt the user for it before running ssh and the ssh-askpass shim.
 This avoids some complexity, and perhaps some attack vectors,
 if the shim cannot requst an arbitrary password prompt.
 (This complexity not needed with the temp file approach..)
+
+### TODO
+
+* Does not work on Windows; ssh still prompts in the terminal for the
+  password.
+* test on OSX
+* test on Android
+* enabling rsync repositories needs to prompt for password; currently
+  broken
+* test gcrypt repositories (creation of new and enabling)
+* If the user is slow, the cached ssh key can exire before they finish.
+  Currently this results in ssh being given no password, and failing.
+  Either avoid time-based expiry (manually expiring when done, and how
+  to detect if they gave up?) or notice this and give a sensible error.
-- 
cgit v1.2.3