Cert scripts: add some TODO notes

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

1 files changed, 16 insertions, 0 deletions

diff --git a/scripts/certs/cert-check b/scripts/certs/cert-check
index d4dbe5b..d349933 100755
--- a/scripts/certs/cert-check
+++ b/scripts/certs/cert-check
@@ -15,6 +15,22 @@
 #   generally, there is a race between the two?)
 # - wget vs. certificates? switch to curl?
 # - remove unneeded subshells? ( '()' -> '{}' )
+# - slowly getting worse and worse, needs some refreshment and unification
+#   -> the only exchange encoding is PEM
+#      - can be combined with DER in one stream thanks to sed ranges filtering
+#        whereas corresponding PEM can be appended after this DER so we
+#        we can be sure the stream contains, perhaps interleaved,
+#        an expected PEM instance
+#   -> through away the trust in CA_BUNDLE completely?
+#   -> better decomposition/DRY
+#      - awk invocations, etc.
+#   -> nicer "functional approach" (more pipes, less files [persisted state])
+#      - flock can be handy (see the other project of mine)
+#   -> wider goals: mapping of certain cert chains (download locations, etc.)
+#   -> migrate to other language? (but why)
+#
+# related references:
+# - http://curl.haxx.se/docs/caextract.html
 # - p7s: https://lists.fedoraproject.org/pipermail/devel/2013-February/178272.html
 
 : ${HOMEBUNDLE:=}