Roadmap


Pleroma


All features and fixes are sorted by priority. Higher priority features
and fixes will be implemented before lower priority features and fixes.
If necessary, features and fixes may move to a higher or lower priority,
due to security and/or stability concerns.


Features and fixes which have been implemented will be moved to the
"Completed" section, and will be added to the changelog.


High:


- Transfer domain from Namecheap to censorship resistant
domain name registrar.

Transferring Inferencium Network's domain from Namecheap to a censorship
resistant domain name registrar will provide censorship resistance and
harden our domain against takedown.


- Migrate virtual private servers (VPS) from Linode to a censorship
resistant private server provider.

Transferring Inferencium Network's VPSes from Linode to a censorship
resistant virtual private server provider will provide censorship
resistance and harden our VPSes against takedown.


- Force HSTS connections on clearweb instance.

HTTP Strict Transport Security (HSTS) is a feature which forces web
browsers to connect directly using HTTPS when trying to connect via HTTP,
after the initial connection to the website.


Medium:


Low:


- Switch to JavaScript free front-end.

Switching to a JavaScript free front-end reduces the risk of malicious
code running on the users' devices and removes a layer of trust, as well as
consuming less device resources.


Completed:


- Initial release.


- Switch from Ubuntu 20.04 to Alpine Linux 3.14.


- Switch from systemd to OpenRC.


- Switch from glibc to musl.


- Enable secure cookies.


- Force TLS 1.3 connections.


- Configure TLS 1.3 to prefer ChaCha20 cipher with Poly1305 message
authentication code (TLS_CHACHA20_POLY1305_SHA256).


- Increase HSTS maximum age from 1 year to 5 years.


- Address issue of avatars not loading.


- Fix federation issues.


- Fix media uploads.


- Remove AES 128-bit from TLS 1.3 ciphers.


- Create Pleroma Tor hidden service.


- Harden server internal filesystem discretionary access control
(DAC) permissions.


- Force X25519 key exchange mechanism.




Back