id	summary	keywords	status	owner	type	priority
2222	make a FAQ describing the impact of heartbleed on Tahoe-LAFS	security integrity confidentiality pyopenssl heartbleed docs	assigned	blaisep	defect	critical
366	"address Nathan Wilcox's concerns about ""Tahoe and the browser security model"""	security capleak docs websec	assigned	blaisep	defect	major
492	mutable files: add ciphertext hash tree to signature block	newcaps security integrity forward-compatibility backward-compatibility mutable	new	zooko	defect	major
587	Web nodes provide ambient upload authority	upload security accounting LeastAuthority.com websec	new	daira	defect	major
635	'tahoe make-tarball' command	backup metadata symlink usability security	new		enhancement	major
725	We should whine if we're running as root.	easy security usability unix test-needed	assigned	davidsarah	enhancement	major
753	use longer storage index / cap for collision resistance	newcaps security	new		defect	major
827	Put file download links ('?save=true') in WUI directory listings	security usability capleak docs download easy	assigned	davidsarah	defect	major
840	Allow all CLI commands to take arguments from stdin or a file, to avoid caps being visible to other local users	security confidentiality integrity usability	new		enhancement	major
865	Document current crypto and encoding in detail	docs security	new	ioerror	task	major
870	Prevent socket hijacking on OSes that don't prevent it by default (Windows)	security integrity confidentiality privacy windows foolscap twisted docs	assigned	davidsarah	defect	major
958	LAFS 301 Moved Permanently	forward-compatibility backward-compatibility integrity newcaps newurls http sftp ftpd smb availability security revocation rollback research	new		enhancement	major
981	chroot support?	security twisted chroot install	new	somebody	enhancement	major
994	support precompressed files	compression space-efficiency performance bandwidth security integrity backward-compatibility	new	somebody	enhancement	major
1008	Unhandled error conditions disclose detailed information	wui security privacy anonymity logging error anti-censorship	new		defect	major
1136	don't run a web-API frontend if you don't need one	security websec	new	somebody	enhancement	major
1142	Unlikely XSS Potential in File Names in WUI	security xss html names wui	new	nobody	defect	major
1144	Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump	security names wui	new	nobody	defect	major
1198	Bogus tub location causes introducer error	error introducer security DoS	new		defect	major
1213	Should support change of hash functions	security forward-compatibility integrity	new	somebody	task	major
1215	add CORS support	security http same-origin cors websec	new		enhancement	major
1254	eliminate use of urllib.urlopen in check_load	security capleak	assigned	davidsarah	defect	major
1290	replace all use of pickles with JSON	security pickle json	new	somebody	defect	major
1422	https node.url is not verified by httplib	https security integrity confidentiality	new	nobody	defect	major
1447	add read-only mode for gateways	readonly gateway security testgrid cloud-backend multiuser-gateway	new	zooko	enhancement	major
1649	WUI: the error message page for a writeable file/directory nonobviously includes the write cap	usability security capleak websec	assigned	davidsarah	defect	major
1665	Brainstorm webapi vulnerabilities between the operator and a user and between users.	docs security webapi introducer accounting status websec multiuser-gateway	new		task	major
1697	there is no test covering password-checking for SFTP or FTP	tests sftp ftpd password security	assigned	daira	defect	major
1797	WUI: view content in an HTML5 sandboxed iframe	wui security usability javascript sandbox same-origin websec	new		defect	major
1798	Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages	wui same-origin security capleak	new	freddyb	defect	major
1859	Proof-of-concept attack: Upload and execute attacker controlled js from any domain.	security javascript same-origin capleak websec	new	davidsarah	defect	major
2055	Building tahoe safely is non-trivial	install security eggs pip setuptools packaging	new	daira	defect	major
2090	Don't expose URIs after failed CLI commands	easy security capleak error cli	new	daira	defect	major
2214	DOS defect concerning forged shares	DOS security verify tahoe-check	new	daira	defect	major
2385	node web server should use DHE/ECDHE suites automatically	security websec https forward-secrecy twisted	new	j3i	enhancement	major
925	Information leak to holders of a directory read cap, about whether each dir entry is writeable and the length of its write cap	backward-compatibility privacy security	assigned	daira	defect	normal
1408	accounting using bitcoins	bitcoin accounting performance leases security	new	somebody	defect	normal
1415	WUI is more useful than CLI	security privacy capleak integrity confidentiality	new		defect	normal
1535	Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets	wui cli socket unix security confidentiality integrity capleak	new		enhancement	normal
1694	package client and server separately	performance security packaging p2p	new	somebody	enhancement	normal
2009	One Grid to Rule Them All	extensibility servers-of-happiness location newurls security globalcaps	new	daira	defect	normal
2010	Implement shortcuts to caps	usability newurls introducer security aliases	new		enhancement	normal
2024	downloader hangs when server returns empty string	download hang denial-of-service security	new		defect	normal
2057	reproducible builds	install security eggs	new	daira	enhancement	normal
2100	passphrase-encrypt the aliases file	aliases security capleak usability	new	daira	enhancement	normal
2136	Use Content-Security-Policy to harden the WUI	csp wui security xss javascript	new	daira	defect	normal
2213	Make SFTP generate its own key	sftp ssh-keygen usability security	new		enhancement	normal
2331	don't display capabilities without user explicitly asking for it	security capleak	assigned	daira	defect	normal
2369	Support encryptionless sftp using sftp-over-tcp	performance security confidentiality integrity	new	HoverHell	enhancement	normal
2421	connect tahoe-lafs repo to Docker Hub	docker security github	new	warner	defect	normal
2478	back up metadata from github (PRs, commit comments, etc.)	github security	new		task	normal
2720	format_http_error leaks the URI	security capleak	new	daira	defect	normal
3878	Potential denial of service attack by rogue servers	availability, security	new		defect	normal
982	grsec disallows tahoe from learning its own IP address	security grsec iputil transparency	new	ioerror	defect	minor
1039	Keys with passphrases for SFTP	sftp security	new	nobody	defect	minor
1410	sftp server listens on reachable IP addresses by default	sftp security	new		defect	minor
