X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=TODO.txt;h=f5c3456261c4f25d1c6ce72375f6d6654508d49b;hb=e75c62b234a699557c023970466a8accd0b5a7b2;hp=a5e788f637ae3b0635bf137ebf4c1e3109d4b169;hpb=8e8215d61f5c3e6043f354c6f49a89bb15322d0f;p=~andy%2Ffetchmail

diff --git a/TODO.txt b/TODO.txt
index a5e788f6..f5c34562 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -1,13 +1,14 @@
 Note that there is a separate todo.html with different content than this.
 
-- Add --sslcertfile option to use a bundled certs file instead. This
-  circumvents c_rehash issues ;)
-
 soon - MUST:
+- blacklist DigiNotar/Comodo hacks/certs, possibly with Chrome's serial#
+  list?
+- check if wildcards from X.509 are handled as strictly as required by
+  the RFCs.
+- audit if there are further untrusted data report_*() calls.
 - Debian Bug #475239, MIME decoder may break up words (need to quote results)
 - put bare IP addresses in brackets for SMTP (check if there are RFC
   1123/5321/5322 differences)
-- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
 - Fix further occurrences of SMTP reply code handling:
    - for proper smtp_reponse caching of multiline codes (there are some)
    - for stomping over control characters.
@@ -19,6 +20,16 @@ soon - MUST:
   Postfix virtual users" around 2009-09-23 on fetchmail-users@).
 
 soon - SHOULD:
+- support NIL and strings where they are alternatives to literals
+- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
+  seems non-trivial to fix: in imap_idle(), we wait for untagged
+  responses, and may be deep in SSL_peek -- and that restarts the
+  underlying blocking read() from the socket, so we never break out of
+  the SSL_peek() with SIGUSR1.
+- add repoll for all kinds of auth failures
+  (requires framework to track which auth failed in auto mode)
+- SockOpen sometimes exits with errno == 0, confusing users (found with
+  Google RealTime on Twitter)
 - make sure the man page completely lists all options (f. i. sslcertpath) in
   the tables.
 - allow \Deleted without \Seen, rf. 
@@ -37,6 +48,9 @@ soon - SHOULD:
   Richard Brooksby, fetchmail-users 2010-04-06.
 
 soon - MAY:
+- find a better replacement for sscanf parsing - we don't usually
+  detect errors in format strings such as "* %d FETCH " because we don't
+  check if the FETCH is (a) present, (b) consumed.
 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471176
   => fetchmail: support utf-8 encoding in log file
   Revisit http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400719
@@ -68,6 +82,8 @@ questionable:
   (silently allowing g+x).
 - make UID code more efficient, parsing is O(n^2), should be no worse
   than O(n log n), lookup is O(n), should be O(log n).
+  * Idea for C: use <search.h> tfind/tsearch. Need to split idlist up
+    so it only keeps the ids, and use an array to track status.
 - help systematic debugging
     - by making logging more strict (Postfix's msg_* as example??)
     - by adding a --loggingtest or something that emits