-$Id: TODO,v 1.101 2014/05/11 13:17:08 fabiankeil Exp $
+$Id: TODO,v 1.107 2014/05/13 11:42:20 fabiankeil Exp $
Some Privoxy-related tasks, sorted by the time they
have been added, not by priority.
It would probably also make sense to look into what other
projects did when migrating away from SF.
+ 2014-05-13: Work in progress. Hosting wish list at the end
+ of this file.
+
54) Move away from CVS to a more modern revision control system.
Find out if there are any objection against going with Git.
Using Git would also have the advantage that SF now pretends
56) Apply for the "free online access for qualified open-source
software projects" for the Co-Advisor HTTP compliance tests:
http://coad.measurement-factory.com/details.html#pricing
+ 2014-05-19: Applied. Privoxy is considered a qualified project,
+ developers can request free account upgrades for Privoxy testing.
+ Account created, upgrade requested. Dealing with the results is #126.
57) Allow piping into external programs to allow more powerful
filters and policy decisions. Incomplete support available
122) Allow customized log messages.
-123) Allow to decrypt encrypted traffic using the
- voluntarily-disclose-session-keys option in Firefox.
- Depends on #16.
+123) Evaluate if the voluntarily-disclose-session-keys option in Firefox
+ (and other browsers) can be leveraged. Probably depends on #16.
-124) Add Capsicum support.
+124) Add support for the "lightweight OS capability and sandbox framework"
+ Capsicum. http://www.cl.cam.ac.uk/research/security/capsicum/
125) Allow clients to HTTPS-encrypt the proxy connection.
+
+126) Run the Co-Advisor HTTP compliance tests, evaluate the results,
+ fix the compliance issues that aren't intentional and document
+ the rest. Work in progress. See also: #56.
+
+##########################################################################
+
+Hosting wish list (relevant for #53)
+
+What we need:
+
+- Bug tracker
+- Mailinglists (Mailman with public archives preferred)
+- Webspace (on a Unix-like OS that works with the webserver targets
+ in GNUMakefile)
+- Source code repositories (currently CVS, but migrating away
+ from it is TODO #54 anyway and shouldn't be too much trouble)
+- Commit mails (preferably with unified diffs)
+
+(Unsorted) details to look at when evaluating hosters:
+
+1. Preferably no third-party ads and trackers.
+ External images, CSS and JavaScript may count as trackers
+ but texts like "supported by company XYZ" may be acceptable.
+
+2. JavaScript should be optional or not used at all.
+
+3. Services we don't need shouldn't be enabled anyway.
+ (We currently don't use Web forums, wikis, surveys etc.)
+
+4. It would be preferable if the hoster didn't have a bad track
+ record as far as user experience, security and privacy are
+ concerned and if the terms of service are "reasonable" and
+ haven't changed too often in the past. Updates in the past
+ should have been improvements and not regressions.
+
+5. It would be preferable if most of the server administration
+ is done by a trusted third-party (or at least not a lot of work
+ for us).
+
+6. The server(s) should be located in a country with laws we can
+ understand and follow (or at least not unintentionally violate).
+
+7. A server location in a country with some kind of due process
+ and strong data protection laws (at least on paper) would be
+ preferable.
+
+8. Given that Privoxy is a free software project it would be
+ preferable if the hoster would use free software where possible.
+
+9. Migrating away from the hoster in the future without losing
+ any important data should be possible without writing web
+ scrapers first.
projects / privoxy.git / blobdiff