This document is written for developers and users interested in learning how Feather is developed.
- Fix security issues and privacy leaks affecting Feather
- Note: If you believe to have found a vulnerability, please refer to SECURITY.md
- Rebase the Monero submodule on top of the latest
monero-project/monero
tag- Monero releases may contain undisclosed security fixes
- Update or patch statically linked dependencies that have known vulnerabilities
- Run
feather-utils/depends/vulns.py
to check - Review the diff of any altered package to mitigate the risk of supply chain attacks
- Run
- Update compilers and security flags for better binary security
- Reduce the number of third-party dependencies
- Keep the website VPS up-to-date and secure
- Further harden the release process
Goals:
- Set up a bug bounty program for issues that affect privacy or security
Security issues that affect Feather always warrant a new release as soon as possible.
- Improve and maintain tools to check for reproducibility defects
- Ensure releases are reproducible and stay that way
- Upload source archives to the fallback mirror
Goals:
- Update Guix to benefit from the full-source bootstrap
- Implement a system for verified reproduction
To learn more about Feather's build system, see: contrib/guix/README.md
Bootstrappable builds are a requirement for all release builds since version 2.2.2. Our Guix time-machine is currently pinned at a commit which implements the reduced binary seed bootstrap.
- Fix reproducible bugs and crashes
To report a bug, please see: https://docs.featherwallet.org/guides/report-an-issue
- Improve test coverage
- Write more test cases
Feather does not currently have a test suite (apart from the tests in the Monero submodule), this is a WIP.
- Make sure the documentation accurately reflects the latest release
- Add troubleshooting guides for common problems
- Ideally, most support questions can be answered with a link to the documentation
Goals:
- Reconsider and document default settings
Documentation is available at https://docs.featherwallet.org
- Improve existing features
- Improve UI/UX
Feather should first and foremost be a good wallet. Improving features that are closer to this end should have priority.
- Package Feather for more distributions
- Add support for more architectures and operating systems
- Drop support for End-of-Life distributions
Goals:
- Bootstrappable Flatpaks
- Debian and Guix packages
- Create a document with guidelines for packagers
See: https://docs.featherwallet.org/guides/supported-operating-systems
Miscellaneous maintenance tasks.
- Remove dead code
- Fix compiler warnings
- Optimize release binary size
- Speed up the release process
- Automate recurrent maintenance tasks
- Refactor code that is in need of refactoring
- Add comments to the code where necessary
- Reduce complexity in the codebase where possible
- Improve documentation for developers and maintainers
- Keep the build system, toolchain and dependencies modern
- Remove features if their maintenance burden outweighs their usefulness
Goals:
- Make sure Feather is ready for the migration to Seraphis
- Implement new features
- Allow Feather to be used or configured for higher, esoteric or new threat models
- Add experimental features that may later be adopted in the reference wallets
- Add features that are generally useful and relevant
Every added feature increases the amount of work needed to maintain Feather. Consider the usefulness of a feature compared to its expected maintenance and support burden.
For a non-exhaustive list of potentially new features, see: https://featherwallet.org/ideas
- Upstream tried and tested features, bugfixes and useful patches
- Bugfixes should be upstreamed without delay
Goals:
- Upstream polyseed
- Upstream bootstrappable builds using Guix as a replacement for the now deprecated Gitian build system