Note that there is a separate todo.html with different content than this.
soon - MUST:
+- blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial#
+ list?
+- check if wildcards from X.509 are handled as strictly as required by
+ the RFCs.
- audit if there are further untrusted data report_*() calls.
- Debian Bug #475239, MIME decoder may break up words (need to quote results)
- put bare IP addresses in brackets for SMTP (check if there are RFC
1123/5321/5322 differences)
-- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
- seems non-trivial to fix: in imap_idle(), we wait for untagged
- responses, and may be deep in SSL_peek -- and that restarts the
- underlying blocking read() from the socket, so we never break out of
- the SSL_peek() with SIGUSR1.
- Fix further occurrences of SMTP reply code handling:
- for proper smtp_reponse caching of multiline codes (there are some)
- for stomping over control characters.
Postfix virtual users" around 2009-09-23 on fetchmail-users@).
soon - SHOULD:
+- support NIL and strings where they are alternatives to literals
+- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
+ seems non-trivial to fix: in imap_idle(), we wait for untagged
+ responses, and may be deep in SSL_peek -- and that restarts the
+ underlying blocking read() from the socket, so we never break out of
+ the SSL_peek() with SIGUSR1.
- add repoll for all kinds of auth failures
(requires framework to track which auth failed in auto mode)
- SockOpen sometimes exits with errno == 0, confusing users (found with
- fetch IMAP message in one go (fetchmail-devel by Adam Simpkins
<simpkins@cisco.com> around Nov 2nd)?
-6.4:
+7.0:
- Properly free host/user entries (through C++ class instantiation and destructors...)
- Remove stupid options, such as spambounce, or deferred bounces for anything
but wrong addresses
- CRYPTO: perhaps port to NSS? Check license and features and required procedure
changes. - Redhat Bugs #333741 (crypto consolidation), #346891 (port fetchmail to NSS)
- CRYPTO: make the SSL default v3 (rather than v23).
-- CRYPTO: remove sslfingerprint? too easily abused (see NEWS)
- CRYPTO: force sslcertck
- CRYPTO: by default forbid cleartext or other compromising password
schemes over insecure connections?
does it expect, what does it get instead, what does that mean, how can the
user fix it; references to the manual)
+- grarpamp suggested, on the fetchmail list in later April 2013, more
+ config file flexibility and explicitness, by marking polls, hosts,
+ accounts. See thread.
+
+- more selection options, Debian Bug#705291.
+
+- add a way to specify multiple fingerprints per host
+
+- add a way to specify non-MD5 fingerprints per host. SHA1 can be told
+ from its mere length; other digest algorithms would require some sort
+ of prefix. We may require the prefix for SHA1, too, for clarity.
+
+- more useful logging, suggested by Jerry, fetchmail-users, 17 May 2013
+ should include date, time, message-id, and 250 Ok message from
+ listener that got forwarded to.
DOCUMENTATION:
- Add info whether Keywords are global, server or user keywords