X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=TODO;h=47973b3bac39a16ff5817af66218b444ed2a65c7;hb=f6de1fdad38520899002b722adc6095a33bc18fe;hp=5b259e5bf8a897c912a9c3561e18ca16588ffbb5;hpb=f60ef8722bbac94cad6dc6494fbe24ea3e84a4b4;p=privoxy.git

diff --git a/TODO b/TODO
index 5b259e5b..47973b3b 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,4 @@
-$Id: TODO,v 1.90 2014/01/31 12:47:15 fabiankeil Exp $
+$Id: TODO,v 1.107 2014/05/13 11:42:20 fabiankeil Exp $
 
 Some Privoxy-related tasks, sorted by the time they
 have been added, not by priority.
@@ -120,6 +120,9 @@ http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO
     It would probably also make sense to look into what other
     projects did when migrating away from SF.
 
+    2014-05-13: Work in progress. Hosting wish list at the end
+    of this file.
+
 54) Move away from CVS to a more modern revision control system.
     Find out if there are any objection against going with Git.
     Using Git would also have the advantage that SF now pretends
@@ -130,6 +133,9 @@ http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO
 56) Apply for the "free online access for qualified open-source
     software projects" for the Co-Advisor HTTP compliance tests:
     http://coad.measurement-factory.com/details.html#pricing
+    2014-05-19: Applied. Privoxy is considered a qualified project,
+    developers can request free account upgrades for Privoxy testing.
+    Account created, upgrade requested. Dealing with the results is #126.
 
 57) Allow piping into external programs to allow more powerful
     filters and policy decisions. Incomplete support available
@@ -216,7 +222,7 @@ http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO
     and redirect requests for them to Privoxy.
 
 86) Add a server-body-tagger action. This is trivial as as all the
-    functionallity required to do it already exists.
+    functionality required to do it already exists.
 
 87) Add a client-body-tagger action. This is less trivial as we currently
     don't buffer client bodies. After 14) is implemented it would be
@@ -330,4 +336,79 @@ http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO
      be fixed anyway. See also:
      https://bugzilla.mozilla.org/show_bug.cgi?id=959100
 
-117) Dynamic variables are documented poorly.
+118) There should be "escaped" dynamic variables that are guaranteed
+     not to break filters.
+
+119) Evaluate using pcre's jit mode.
+
+120) Add an option to limit pcre's recursion limit below the default.
+     On some platforms the recursion limit doesn't prevent pcre from
+     running out of stack space, causing the kernel to kill Privoxy
+     ungracefully.
+
+121) Add HTTP/2 support. As a first step, incomming HTTP/1.x requests
+     should be translated to outgoing HTTP/2 requests where possible
+     (and if desired by the user).
+
+122) Allow customized log messages.
+
+123) Evaluate if the voluntarily-disclose-session-keys option in Firefox
+     (and other browsers) can be leveraged. Probably depends on #16.
+
+124) Add support for the "lightweight OS capability and sandbox framework"
+     Capsicum. http://www.cl.cam.ac.uk/research/security/capsicum/
+
+125) Allow clients to HTTPS-encrypt the proxy connection.
+
+126) Run the Co-Advisor HTTP compliance tests, evaluate the results,
+     fix the compliance issues that aren't intentional and document
+     the rest. Work in progress. See also: #56.
+
+##########################################################################
+
+Hosting wish list (relevant for #53)
+
+What we need:
+
+- Bug tracker
+- Mailinglists (Mailman with public archives preferred)
+- Webspace (on a Unix-like OS that works with the webserver targets
+  in GNUMakefile)
+- Source code repositories (currently CVS, but migrating away
+  from it is TODO #54 anyway and shouldn't be too much trouble)
+- Commit mails (preferably with unified diffs)
+
+(Unsorted) details to look at when evaluating hosters:
+
+1. Preferably no third-party ads and trackers.
+   External images, CSS and JavaScript may count as trackers
+   but texts like "supported by company XYZ" may be acceptable.
+
+2. JavaScript should be optional or not used at all.
+
+3. Services we don't need shouldn't be enabled anyway.
+   (We currently don't use Web forums, wikis, surveys etc.)
+
+4. It would be preferable if the hoster didn't have a bad track
+   record as far as user experience, security and privacy are
+   concerned and if the terms of service are "reasonable" and
+   haven't changed too often in the past. Updates in the past
+   should have been improvements and not regressions.
+
+5. It would be preferable if most of the server administration
+   is done by a trusted third-party (or at least not a lot of work
+   for us).
+
+6. The server(s) should be located in a country with laws we can
+   understand and follow (or at least not unintentionally violate).
+
+7. A server location in a country with some kind of due process
+   and strong data protection laws (at least on paper) would be
+   preferable.
+
+8. Given that Privoxy is a free software project it would be
+   preferable if the hoster would use free software where possible.
+
+9. Migrating away from the hoster in the future without losing
+   any important data should be possible without writing web
+   scrapers first.