-soon:
-- BerliOS Bug #11576, thread on fetchmail users "Invalid SSL certificate" by
- Philip Susi, SSL negotiation does not use ERR_error_string(3ssl) to report
- errors in a readable way, we just report socket errors with no good reason.
-- find a solution for the "invalid header" discards message problem
- (escape headers and stuff reminder into body)
-- https://bugzilla.novell.com/show_bug.cgi?id=246829 - fetchmail lost some mail
- (5XX error code in contradiction with manual?)
-- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618
+Note that there is a separate todo.html with different content than this.
+
+soon - MUST:
+- blacklist DigiNotar/Comodo hacks/certs, possibly with Chrome's serial#
+ list?
+- check if wildcards from X.509 are handled as strictly as required by
+ the RFCs.
+- audit if there are further untrusted data report_*() calls.
+- Debian Bug #475239, MIME decoder may break up words (need to quote results)
+- put bare IP addresses in brackets for SMTP (check if there are RFC
+ 1123/5321/5322 differences)
+- Fix further occurrences of SMTP reply code handling:
+ - for proper smtp_reponse caching of multiline codes (there are some)
+ - for stomping over control characters.
+- check if smtpname and smtpaddress in particular work as advertised,
+ thread "Fetchmail with Postfix virtual users" around 2009-09-23 on
+ fetchmail-users@, by Joost Roeleveld and Gerard Seibert.
+- virtual domain DOCUMENTATION (rewriting @example.com to
+ @virtual.example.com possible? Joost Roeleveld, thread "Fetchmail with
+ Postfix virtual users" around 2009-09-23 on fetchmail-users@).
+
+soon - SHOULD:
+- support NIL and strings where they are alternatives to literals
+- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
+ seems non-trivial to fix: in imap_idle(), we wait for untagged
+ responses, and may be deep in SSL_peek -- and that restarts the
+ underlying blocking read() from the socket, so we never break out of
+ the SSL_peek() with SIGUSR1.
+- add repoll for all kinds of auth failures
+ (requires framework to track which auth failed in auto mode)
+- SockOpen sometimes exits with errno == 0, confusing users (found with
+ Google RealTime on Twitter)
+- make sure the man page completely lists all options (f. i. sslcertpath) in
+ the tables.
+- allow \Deleted without \Seen, rf.
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466299
+- document IMAP4 ACL requirements
+- CRYPTO: log configured server name on certificate mismatch (perhaps pay
+ attention to via entries and stuff like that)
+- CRYPTO: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618