D 2015-05-21T20:17:48.836
L project\sstate
N text/x-markdown
P a2446e830e6fe46a25a5f5dab72581d82ab53105
U mario
W 1926
## Stability
* The application runs mostly stable. The GUI interfaces are workable.
* It's supposed to run on Gtk2 and Gtk3. Albeit threading is still an issue.
* Python3 support is achieved.
* There haven't been any optimizations regarding memory usage and
performance.
* The current internal API is still somewhat underdocumented.
## Current bugs
* Audio- and list-format support is not very robust / needs better API
* Not all keyboard shortcuts work
* Some internal UI state flags remain, that need to be substituted with Gtk callbacks.
## Features
* Treeview layouts and lists are dynamically from datamap[] structure and stream{} dicts.
* Channel categories are often built-in defaults (can be freshened up however)
* Config vars and cache data get stored as JSON in ~/.config/streamtuner2/
* Plugin meta data spec is mostly used now for configuration description, and plugin management.
## Missing:
* Localization (not actually planned for)
## Security notes
* FAULTY DATA: Directory scrapers use partially complex regular expressions - which is probably not a security risk, but can lead to inexact decoding. Albeit HTML entitiy cleanup and constraints are in place. Charset fixups are done on a case-by-case basis. Doesn't help for Xiph however (already receiving garbage there). As for fragile, some DOM/PyQuery extraction targets are less exact even.
* MEDIUM: integrity checking for .pls / .m3u references and files is only done on conversion. (Set audio players to use `%xspf` for maximum filtering.)
* HIGH RISK: no verification of downloaded favicon image files (ico/png),
as they are passed to gtk.gdk.Pixbuf (OTOH data pre-filtered by Google)
* MEDIUM: audio players / decoders are easily affected by buffer overflows
from corrupt mp3/stream data. However nothing we can preassert here, streamtuner2 just passes them on.
Z 5530e82022df4501cd656b5d25f52078