First cut at labelinging things for 0.1.0.x

svn:r3673

1 files changed, 102 insertions, 138 deletions

diff --git a/doc/TODO b/doc/TODO
index e01e8be81..30566f590 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -10,152 +10,135 @@ ARMA    - arma claims
         D Deferred
         X Abandoned
 
-For 0.0.9:
-
-   o Solve the MSVC nuisance where __FILE__ contains the full path.
-     People are getting confused about why their errors are coming from
-     C:\Documents and Settings\Nick Mathewson\My Documents\src\tor .
-N&R. bring tor-spec up to date
-N&R. make loglevels info,debug less noisy
-   o OS X package (and bundle?)
-   o Working RPMs
-   o Get win32 servers working, or find out why it isn't happening now.
-     o Why can't win32 find a cpuworker?
-
-For 0.0.9.3:
-   o All tasks marked for 0093 in flyspray.
-   o Backport performance improvement (stop calling getttimeofday for
-     each cell)
-   o Tor startup script should be installed by default on OSX.
-   o Setup instructions for OSX.
-
-
 For 0.0.9.5:
    - Server instructions for OSX and Windows operators.
    - Audit all changes to bandwidth buckets for integer over/underflow.
 
-************************ For Post 0.0.9 *****************************
+For 0.1.0.x:
 
-  - make min uptime a function of the available choices
-  - kill dns workers more slowly
-  - reset uptime when ip changes
-  - build testing circuits? going through non-verified nodes?
-
-  - config option to publish what ports you listen on, beyond ORPort/DirPort
-  - https proxy for OR CONNECT stuff
-  - choose entry node to be one you're already connected to?
-
-Tier one:
-   o Move to our new version system.
-   - Changes for forward compatibility
-     - If a version is later than the last in its series, but a version
-       in the next series is recommended, that doesn't mean it's bad.
+ Refactoring and infrastructure:
 
+  . Switch to libevent
+       - Hold-open-until-flushed now works by accident; it should work by
+         design.
+       - The logic for reading from TLS sockets is likely to overrun the
+         bandwidth buckets under heavy load.  (Really, the logic was
+         never right in the first place.)  Also, we should audit all users
+         of get_pending_bytes().
+       - Find a way to make sure we have libevent 1.0 or later.
+       - Log which poll method we're using.
+       . Check return from event_set, event_add, event_del.
+
+ Security: 
+   - Make sure logged info is "safe"ish.
+
+ Stability
+   - Reset uptime when IP/ORPort/... changes.
+
+ Functionality
+  - Implement pending controller features.
+  - HTTPS proxy for OR CONNECT stuff. (For outgoing SSL connections to
+    other ORs.)
+  - Changes for forward compatibility
+    - If a version is later than the last in its series, but a version
+      in the next series is recommended, that doesn't mean it's bad.
+  - Do end reasons better
+    - Realize that unrecognized end reasons are probably features rather than
+      bugs. (backport to 009x)
+    - Start using RESOURCELIMIT more.
+    - Try to use MISC a lot less.
+      - bug: if the exit node fails to create a socket (e.g. because it
+        has too many open), we will get a generic stream end response.
+      - niels's "did it fail because conn refused or timeout or what"
+        relay end feature.
+    - Start recognizing, but maybe not yet generating, more reasons and
+      needed -- aim to eliminate misc. (backport to 009x)
+  - Feed end reason back into SOCK5 as reasonable.
+  - cache .foo.exit names better, or differently, or not.
+  - make !advertised_server_mode() ORs fetch dirs less often.
+  - Clean up NT service code even more.  Document it. Enable it by default.
+    Make sure it works.
+
+ Documentation
+  - Document new version system.
+  - Correct and clarify the wiki entry on port forwarding.
+  - Document where OSX, windows logs go, where stuff is installed.
+
+ Installers
+  - Vet all pending installer patches
+    - Win32 installer plus privoxy, sockscap/freecap, etc.
+  - Make OSX man pages go into man directory.
+
+ Correctness
    - Bugfixes
-     o fix dfc/weasel's intro point bug
      - when we haven't explicitly sent a socks reject, sending one in
        connection_about_to_close_connection() fails because we never give it
        a chance to flush. right answer is to do the socks reply manually in
        each appropriate case, and then about-to-close-connection can simply
-       warn us if we forgot one.
-
-   - Documentation
-     - Convert man pages to pod, or whatever's right.  Alternatively, find
-       a man2html that actually works.
-     o Macintosh HOWTO page.
-
-   - Evangelism
-     - Get more nodes running on 80 and 443.
-     - Get epic, aclu, etc running nodes.
-
-   - Dirservers and server descs: small, backward-compatible changes
-     - support hostnames as well as IPs for authdirservers.
-     - If we have a trusted directory on port 80, stop falling back to
-       forbidden ports when fascistfirewall blocks all good dirservers.
-     - GPSLocation optional config string.
-
-   - SOCKS enhancements
-     - niels's "did it fail because conn refused or timeout or what"
-       relay end feature.
-     - bug: if the exit node fails to create a socket (e.g. because it
-       has too many open), we will get a generic stream end response.
-
-   - Windows
-N    - Make millisecond accuracy work on win32
-     X Switch to WSA*Event code as a better poll replacement.  Or maybe just
-       do libevent?
-
-   - Code cleanup
-     X Make more configuration variables into CSVs.
-     - Make configure.in handle cross-compilation
-       - Have NULL_REP_IS_ZERO_BYTES default to 1.
-       - Make with-ssl-dir disable search for ssl.
+       warn us if we forgot one. [Tag this 010 in flyspray.]
+     - should retry exitpolicy end streams even if the end cell didn't
+       resolve the address for you
+   - Figure out when to reset addressmaps (on hup, on reconfig, etc)
 
-   - Support
-     o Bug tracker.
+ Improvements to self-measurement.
+   - round detected bandwidth up to nearest 10KB?
+   - client software not upload descriptor until:
+     - you've been running for an hour
+     - it's sufficiently satisfied with its bandwidth
+     - it decides it is reachable
+     - start counting again if your IP ever changes.
+     - never regenerate identity keys, for now.
+     - you can set a bit for not-being-an-OR.
+     * no need to do this yet. few people define their ORPort.
 
-   - Exit hostname support
-     - cache .foo.exit names better, or differently, or not.
 
-   - IPv6 support
+ Arguable
+  - Reverse DNS: specify and implement.
+  - make min uptime a function of the available choices (say, choose 60th
+    percentile, not 1 day.)
+  - kill dns workers more slowly
+  - build testing circuits? going through non-verified nodes?
+  - config option to publish what ports you listen on, beyond ORPort/DirPort
+  - It would be nice to have a FirewalledIPs thing that works like
+    FirewallPorts.
+  - If we have a trusted directory on port 80, stop falling back to
+    forbidden ports when fascistfirewall blocks all good dirservers.
+  - Code cleanup
+    - Make configure.in handle cross-compilation
+      - Have NULL_REP_IS_ZERO_BYTES default to 1.
+      - Make with-ssl-dir disable search for ssl.
+  - Efficiency/speed improvements.
+    - Write limiting; configurable token buckets.
+    - Make it harder to circumvent bandwidth caps: look at number of bytes
+      sent across sockets, not number sent inside TLS stream.
+  - Let more config options (e.g. ORPort) change dynamically.
+  - hidserv offerers shouldn't need to define a SocksPort
+    * figure out what breaks for this, and do it.
+
+
+  No
+  - choose entry node to be one you're already connected to?
+  - Convert man pages to pod, or whatever's right.
+  - support hostnames as well as IPs for authdirservers.
+  - GPSLocation optional config string.
+  - Windows
+    - Make millisecond accuracy work on win32
+  - IPv6 support
      - teach connection_ap_handshake_socks_reply() about ipv6 and friends
        so connection_ap_handshake_socks_resolved() doesn't also need
        to know about them.
-
    - Packaging
      - Figure out how to make the rpm not strip the binaries it makes.
-
-
-Tier two:
-
-   - Efficiency/speed improvements.
-     o Handle pools of waiting circuits better.
-     o Limit number of circuits that we preemptively generate based on past
-       behavior; use same limits in circuit_expire_old_circuits().
-     - Write limiting; configurable token buckets.
-     - Make it harder to circumvent bandwidth caps: look at number of bytes
-       sent across sockets, not number sent inside TLS stream.
-
-     . Switch to libevent
-       o Evaluate libevent
-       o Convert socket handling
-       o Convert signal handling
-       o Convert timers
-       o Update configure.in
-       o Remove fakepoll
-       - Hold-open-until-flushed now works by accident; it should work by
-         design.
-       - The logic for reading from TLS sockets is likely to overrun the
-         bandwidth buckets under heavy load.  (Really, the logic was
-         never right in the first place.)  Also, we should audit all users
-         of get_pending_bytes().
-       - Make sure it works on more platforms.
-       - Find a way to make sure we have libevent 1.0 or later.
-       - Check return from event_set, event_add, event_del.
-
    - Integrate an http proxy into Tor (maybe as a third class of worker
      process), so we can stop shipping with the beast that is Privoxy.
-
-   - QOI
-     - Let more config options (e.g. ORPort) change dynamically.
-
-   - Dirservers and server descs: small, backward-compatible changes
-     - make advertised_server_mode() ORs fetch dirs more often.
-     - Implement If-Modified-Since for directories.
-
+   - Implement If-Modified-Since for directories.
    - Big, incompatible re-architecting and decentralization of directory
      system.
      - Only the top of a directory needs to be signed.
-
    - Windows
-N    - Clean up NT service code; make it work
      - Get a controller to launch tor and keep it on the system tray.
-     - Win32 installer plus privoxy, sockscap/freecap, etc.
 
-   - Controller enhancements.
-     o Implement SIGNAL feature so windows can hup, shutdown, etc.
-     - controller should have 'getinfo' command to query about rephist,
-       about rendezvous status, etc.
+Tier two:
 
 N  - Handle rendezvousing with unverified nodes.
      - Specify: Stick rendezvous point's key in INTRODUCE cell.
@@ -171,27 +154,18 @@ N  - IPv6 support (For exit addresses)
        a generalize address struct.
      - Change relay cell types to accept new addresses.
      - Add flag to serverdescs to tell whether IPv6 is supported.
-     - When should servers 
 
    - Security fixes
      - christian grothoff's attack of infinite-length circuit.
        the solution is to have a separate 'extend-data' cell type
        which is used for the first N data cells, and only
        extend-data cells can be extend requests.
-     - Make sure logged information is 'safe'.
 
    - Code cleanup
-     . rename/rearrange functions for what file they're in
      - fix router_get_by_* functions so they can get ourselves too,
        and audit everything to make sure rend and intro points are
        just as likely to be us as not.
 
-   - Bugfixes
-     - hidserv offerers shouldn't need to define a SocksPort
-       * figure out what breaks for this, and do it.
-     - should retry exitpolicy end streams even if the end cell didn't
-       resolve the address for you
-
    - tor should be able to have a pool of outgoing IP addresses
      that it is able to rotate through. (maybe)
 
@@ -209,15 +183,6 @@ N  - IPv6 support (For exit addresses)
    - DoS protection: TLS puzzles, public key ops, bandwidth exhaustion.
    - Have clients and dirservers preserve reputation info over
      reboots.
-   - round detected bandwidth up to nearest 10KB?
-   - client software not upload descriptor until:
-     - you've been running for an hour
-     - it's sufficiently satisfied with its bandwidth
-     - it decides it is reachable
-     - start counting again if your IP ever changes.
-     - never regenerate identity keys, for now.
-     - you can set a bit for not-being-an-OR.
-     * no need to do this yet. few people define their ORPort.
    - authdirserver lists you as running iff:
      - he can connect to you
      - he has successfully extended to you
@@ -247,7 +212,6 @@ Big tasks that would demonstrate progress:
    - scrubbing proxies for protocols other than http.
      - Find an smtp proxy?
      . Get socks4a support into Mozilla
-N  - Reverse DNS: specify and implement.
    - figure out enclaves, e.g. so we know what to recommend that people
      do, and so running a tor server on your website is helpful.
      - Do enclaves for same IP only.