Note that there is a separate todo.html with different content than this.
soon - MUST:
+- blacklist DigiNotar/Comodo hacks/certs, possibly with Chrome's serial#
+ list?
+- check if wildcards from X.509 are handled as strictly as required by
+ the RFCs.
+- audit if there are further untrusted data report_*() calls.
- Debian Bug #475239, MIME decoder may break up words (need to quote results)
- put bare IP addresses in brackets for SMTP (check if there are RFC
1123/5321/5322 differences)
-- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
- Fix further occurrences of SMTP reply code handling:
- for proper smtp_reponse caching of multiline codes (there are some)
- for stomping over control characters.
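Review bot: The three new MUST items cannot be closed out as written. "check if wildcards from X.509 are handled as strictly as required by the RFCs" does not name the RFCs, and "audit if there are further untrusted data report_*() calls" does not say what makes a call unsafe or which call sites have already been reviewed. Suggest naming the documents meant and stating the audit criterion, so that whoever picks these up can tell when they are done. The DigiNotar/Comodo item also ends in an open question ("possibly with Chrome's serial# list?"). Settle how the blocklist is keyed before listing it as a MUST.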
Postfix virtual users" around 2009-09-23 on fetchmail-users@).
soon - SHOULD:
-- update trio
+- support NIL and strings where they are alternatives to literals
+- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
+ seems non-trivial to fix: in imap_idle(), we wait for untagged
+ responses, and may be deep in SSL_peek -- and that restarts the
+ underlying blocking read() from the socket, so we never break out of
+ the SSL_peek() with SIGUSR1.
+- add repoll for all kinds of auth failures
+ (requires framework to track which auth failed in auto mode)
+- SockOpen sometimes exits with errno == 0, confusing users (found with
+ Google RealTime on Twitter)
- make sure the man page completely lists all options (f. i. sslcertpath) in
the tables.
- allow \Deleted without \Seen, rf.
- document IMAP4 ACL requirements
- CRYPTO: log configured server name on certificate mismatch (perhaps pay
attention to via entries and stuff like that)
-- CRYPTO: BerliOS Bug #11576, thread on fetchmail users "Invalid SSL certificate" by
- Philip Susi, SSL negotiation does not use ERR_error_string(3ssl) to report
- errors in a readable way, we just report socket errors with no good reason.
- CRYPTO: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618
* write a table of combinations of TLS/SSL options
- add To: header to warning mails (authfail for instance)
- Fix TOCTOU race around prc_filecheck*
- Read CAPABILITY from greeting if present, saves one round trip.
- Check if LAST argument is properly validated against message count.
-- find a solution for the "invalid header" discards message problem
- (escape headers and stuff reminder into body)
- add Message-ID: header and other SHOULD headers to warning mails?
+- report actual SMTP error with "SMTP listener refused delivery", sugg.
+ Richard Brooksby, fetchmail-users 2010-04-06.
soon - MAY:
+- find a better replacement for sscanf parsing - we don't usually
+ detect errors in format strings such as "* %d FETCH " because we don't
+ check if the FETCH is (a) present, (b) consumed.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471176
=> fetchmail: support utf-8 encoding in log file
Revisit http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400719
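Review bot: The new sscanf item under "soon - MAY:" is worded as if the format string were at fault. What it describes is input that fails to match the literal tail of "* %d FETCH " going undetected, because nothing checks that FETCH was present and consumed. That input is a server response, so consider listing the item next to the "untrusted data" audit added under MUST, and reword it to state what the replacement parser has to establish. Separately, the CRYPTO entry for BerliOS Bug #11576 and the "invalid header" entry are dropped with no indication of whether they were fixed or abandoned. Say which in the commit message.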
<simpkins@cisco.com> around Nov 2nd)?
6.4:
+- Properly free host/user entries (through C++ class instantiation and destructors...)
- Remove stupid options, such as spambounce, or deferred bounces for anything
but wrong addresses
- Do not ever guess envelope from content headers such as To:/Cc:/Resent-To: or
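Review bot: The added 6.4 item "Properly free host/user entries (through C++ class instantiation and destructors...)" ties a cleanup goal to an implementation language and trails off in "...", so it is unclear whether the move to C++ is a decision or a passing thought. Suggest stating the goal on its own (which entries leak, and when they should be freed) and tracking the C++ question as a separate item. The UID item added further down is headed "Idea for C", which reads as the opposite assumption.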
(silently allowing g+x).
- make UID code more efficient, parsing is O(n^2), should be no worse
than O(n log n), lookup is O(n), should be O(log n).
+ * Idea for C: use <search.h> tfind/tsearch. Need to split idlist up
+ so it only keeps the ids, and use an array to track status.
- help systematic debugging
- by making logging more strict (Postfix's msg_* as example??)
- by adding a --loggingtest or something that emits
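Review bot: The "Idea for C" sub-item under the UID efficiency entry leaves two things open. It does not say how a node found via tfind maps to a slot in the proposed status array. It also does not say whether tsearch on the supported platforms actually meets the O(log n) lookup target stated on the line above. Suggest adding one line on the id-to-index mapping and a note to verify the tree behaviour before committing to <search.h>.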