TODO 37.8 KB
Newer Older
Per Cederqvist's avatar
Per Cederqvist committed
1 2 3
This file attempts to list the things that need to be done on this
server.

Per Cederqvist's avatar
Per Cederqvist committed
4 5
* Showstoppers

Per Cederqvist's avatar
Per Cederqvist committed
6
** New predefined aux-items: 31-32, 10100-10104: implement them.
7

Per Cederqvist's avatar
Per Cederqvist committed
8 9
** Who is allowed to remove an faq-text-aux-item?  6024603.

Per Cederqvist's avatar
Per Cederqvist committed
10 11 12 13 14 15 16 17
** Analyze the bug reported in 5970012.

* Unsorted.

** No async message is sent when a user-area is changed.

** Move this list to a better forum.

Per Cederqvist's avatar
Per Cederqvist committed
18
* High priority, but they can wait until after the next release.
Per Cederqvist's avatar
Per Cederqvist committed
19

Per Cederqvist's avatar
Per Cederqvist committed
20 21
** Protocol-A.texi doesn't define what "letterbox" (and similar 
   strings) in the definition of built-in aux-times means.
Per Cederqvist's avatar
Per Cederqvist committed
22

Per Cederqvist's avatar
Per Cederqvist committed
23
** Fix dbck so that it can repair the database damage created by
Per Cederqvist's avatar
Per Cederqvist committed
24 25
   lyskomd 2.0.0.  Some work done on the "dbckmultiplechoice" branch
   of dbck.c.
Per Cederqvist's avatar
Per Cederqvist committed
26

27 28 29
** src/server/testsuite/lyskomd.0/gen-15.py should be enhanced.  
   It only tests a tiny fraction of what should be tested.

Per Cederqvist's avatar
Per Cederqvist committed
30 31 32
** There is no timeout for unused sessions, and we don't use TCP
   keepalive packets.

33 34 35 36 37 38 39 40
** The names of various conferences are suspect. (4219085)

** Implement the aux-item "recommended-conf".

** mx-date är trasig.  Testfall som konstaterar detta behövs. (4171451)

** mx-foo (4160925)

Per Cederqvist's avatar
Per Cederqvist committed
41 42 43 44
** Write a make-backup-copy shellscript.

** Test the distribution under Red Hat 6.0.

David Byers's avatar
Server:  
David Byers committed
45 46
** Features

David Byers's avatar
David Byers committed
47
*** Reload configuration.
48
    Aux-items are now reloaded on a WINCH signal. Reload other params too.
David Byers's avatar
David Byers committed
49

David Byers's avatar
Server:  
David Byers committed
50 51
*** Cross references should create a mirror item.

Per Cederqvist's avatar
Per Cederqvist committed
52 53
*** --with-language should select the collate table.

David Byers's avatar
David Byers committed
54 55
*** Generic mirror-this-aux-item trigger

David Byers's avatar
Server  
David Byers committed
56 57 58 59 60 61 62 63 64 65
** Testing

*** No test case for attempting to garbage collect a text that has an
    aux item with a dont-garb flag. No test for cc-recpt preventing
    garbage collection that would be allowed by recpt. Ditto for
    bcc-recpt. No test for cc-recpt that permits garbage collection
    when recpt also does. No test for sent-at preventing garbage
    collection.
   

66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
** We still leak secrets

*** login, login_old
    If the person is secret we should return KOM_UNDEF_PERS unless the 
    password is correct or the session has privileges to see the
    person. Right now we can map out secret persons by attempting to
    log in with the wrong password.

*** change_conference
    If the conference exists but is secret we return not-member. We
    should return KOM_UNDEF_CONF.

*** create_person_old
*** create_person
*** change_name
*** create_conf
*** create_conf_old
    If we try to use a name to the name of a secret conference we
    return KOM_CONF_EXISTS. We can't really do a lot to prevent this.

*** get_session_info
*** get_session_info_ident
    Returns the number of secret persons and secret conferences even
    if the viewer has no right to see them.

*** set_priv_bits
*** set_passwd
    Does not check if the caller is allowed to see the person.

*** get_unread_confs
    Does not check that the caller is allowed to see the person, and
    returns the correct result even for secret persons, including
    secret confs!

*** set_user_area
*** set_presentation (do_set_presentation)
*** set_etc_motd (do_set_etc_motd)
    Allows us to set user area to any text, even secret ones. Leaks
    information by returning error for deleted texts and non-error for 
    all other texts.

*** lookup_name and similar functions
    Not really checked.

*** get-members
    Leaks number of secret members since they are not completely
    deleted from the member list, just zeroed out.

*** add_member
*** add_member_old
    Returns KOM_INVALID_MEMBERSHIP if we attempt to add secret person
    to open conf as secret member when conf does not allow secret
    members. This allows us to find all secret persons. This check is
    done before we check if the user making the call is allowed to see 
    the conference, so it lets us find out which secret conferences
    allow secret members. It is possible to add secret persons as
    memberships. If the person is already a secret member the call
    appears to succeed but the membership is still secret, so it is
    possible to find all persons who are secret members of a
    conference.

*** sub_member
    No access check on conference or person before attempting to
    locate membership. As a result we can find out if a conference
    exists by attempting to sub_member with a nonexistant person. If
    we get a KOM_UNDEF_PERS, the conference exists. Fix by doing
    access checks right after getting the conf_c and pers_p from the
    database. The final if statement is also suspect.

*** set_unread
*** set_last_read
    No access check on conference before attempting to locate
    membership. This means we can locate all secret conferences.

*** set_permitted_submitters
*** set_supervisor
*** set_super_conf
    Existance check for new supervisor/permitted submitters/super
    before access check on conference being changed. We can use this
    to map out all secret conferences.

*** set_conf_type
    No access check on conference before examining conference type.
    Use this to map out all secret conferences.

*** unmark_text
    No access check on the text. This is done in do_unmark_text, but
    is is not immediately obvious why it works (although it does.)
    Should add an explicit search for the mark before doing anything
    else. Maybe. 

*** mark_as_read
    No access check on conf before attempting to locate membership. We 
    can use this to map out all secret conferences.

*** sub_footnote
*** sub_comment
    No read access check on texts before checking if they are
    comments. This allows us to map out all secret texts and all
    comment chains (just try sub_comment for all pairs of texts that
    might be in the system or all secret texts found by some other
    method.)

*** get-last-text
    May return a secret text since no access checks are made on the
    result.

*** who_is_on_dynamic
*** who_is_on_ident
*** who_is_on
*** who_is_on_old
    Returns secret persons and secret working conferences. No
    filtering is done on the result.

Per Cederqvist's avatar
Per Cederqvist committed
180 181
** Change read-texts. (4111477)

David Byers's avatar
Server  
David Byers committed
182 183 184 185 186 187 188 189
** modify_conf_info can operate on an rd_protected conf.
   Perhaps we should have a flag that says an item can be added only
   by members of the conference?

** get_conf_stat returns aux_items for re_prot confs.
   We should almost certainly have a way of filtering out some aux
   items so they are not visible to non-members.

Per Cederqvist's avatar
Per Cederqvist committed
190 191 192
** Remove src/include/compiler.h and use autoconf tests instead.
   Is NORETURN used where it should be used?

Per Cederqvist's avatar
Per Cederqvist committed
193 194 195
** Fix configure.in.  The output of ./configure --help isn't as good 
   as it should be.  See libisc.

196 197
** The configure script fails if neither flex nor lex can be found.

198 199 200 201 202 203 204
** async-text-deleted (and possibly others) should be sent to
   recipients of any of the objects linked to the text that is
   deleted.

** Add an enable_val value to the Person structure, and use it when no
   session is available.

Per Cederqvist's avatar
Per Cederqvist committed
205 206
** Handle timetravel better.

David Byers's avatar
David Byers committed
207 208 209 210 211
** Add leaks tests for all situtations when the client gets
    disconnected from the server. 

** Statement coverage tests for the aux-item-def parser 

Per Cederqvist's avatar
Per Cederqvist committed
212
** Fix the markup in the Texinfo files
Per Cederqvist's avatar
Per Cederqvist committed
213

David Byers's avatar
David Byers committed
214 215
** Consider changing many paths so that it is safe to install lyskomd
   with prefix=/usr/local.
David Byers's avatar
David Byers committed
216

David Byers's avatar
David Byers committed
217 218
        How about saving this for the next release and then support
        various other path conventions?
David Byers's avatar
David Byers committed
219

David Byers's avatar
David Byers committed
220
** Add a checksum on each object in the database.
David Byers's avatar
David Byers committed
221

David Byers's avatar
David Byers committed
222 223 224 225 226
** The text-mass file should contain some redundancy. At a minimum, it
   should store the text number and text length of each text, so that
   there is absolutely no risk that the wrong text is displayed. (That
   has actually happened more than once due to faulty hardware or
   operating systems--we should do better.)
David Byers's avatar
David Byers committed
227

David Byers's avatar
David Byers committed
228
** Should anyone be able to set their letterbox to secret?
David Byers's avatar
David Byers committed
229

David Byers's avatar
David Byers committed
230 231 232 233 234
** Fixa s{kerhetsbuggen vid read_texts et c. Det b|r vara s} att man
   inte f}r veta mappningen s} ofta som nu. Vilka texter som {r l{sta
   b|r ocks} vara mer hemligt. Ett nytt anrop, query_unread(), b|r
   inf|ras. Resultatet {r antalet ol{sat brev och _kanske_
   Local_text_no f|r det h|gsta nummret. 
David Byers's avatar
David Byers committed
235

David Byers's avatar
David Byers committed
236 237
   (Det var l{nge sen jag skrev det h{r, och jag minns inte riktigt
   vad jag menar, men man borde nog titta p} det h{r s} sm}ningom).
David Byers's avatar
David Byers committed
238

David Byers's avatar
David Byers committed
239 240
** Asynchronous messages may not be censored enough. Check all
   messages that contain conf-nos.
David Byers's avatar
David Byers committed
241

David Byers's avatar
David Byers committed
242 243 244 245 246 247 248
** Add triggers have to have the capability of preventing addition.
   This is difficult since we check the validity of addition before
   adding the items. The prevention would have to happen in the check 
   phase, when the triggers are not called. The correct solution is
   probably to implement validation functions in addition to
   validation strings and let the validation function take care of
   checking if the item can be added.
Per Cederqvist's avatar
Per Cederqvist committed
249

David Byers's avatar
David Byers committed
250 251 252
** The Info structure should contain statistics about the server
   (uptime, other interesting stuff.) (from 1991)
       Implement a new call for this.
Per Cederqvist's avatar
Per Cederqvist committed
253

254 255 256
** Fix proper ctor/dtor semantics of everything in memory.c.  _clear
   is an abomination.

David Byers's avatar
David Byers committed
257 258 259 260 261
** Call to s_fcrea_str in prot_a_get_token should be removed. There is 
   really no reason why we can't us a statically allocated string
   instead (I know, this is microoptimization, but this function gets
   called a *lot*)

Per Cederqvist's avatar
Per Cederqvist committed
262 263 264 265 266
   Measurements shows that more than 95% of the calls to s_fcrea_str
   originates from prot_a_get_token.  They also show that
   s_fcrea_str and its descendants uses approximately 22 out of
   35000 seconds.

David Byers's avatar
David Byers committed
267 268 269 270 271 272 273 274
** Change log.c to something better.

** Look over all places where restart_kom is called. Frequently the
   error is not severe enough to warrant panicing (or so I think.) For 
   example, if cached_create_person fails it is very serious, but all
   code that calls this function is prepared to deal with the
   problems.

275 276
** Actually remove all man pages.  This must wait till after the next release.

277 278 279 280 281 282 283 284 285
** We have to be able to limit creation of certain aux-items to users
   with special privileges. Most of the import/export items need
   this. Put in a new flag in the aux-item-definition file, add it to
   the parser, check it in aux_item_check_add_perm or whatever the
   hell the function was named. Test it. The biggest problem is to
   figure out what permissions should be needed. I suppose it's
   possible that we could let the user specify level and bits in the
   aux-items.conf file, but that would mean mucking more with the
   parser.
286

287 288 289 290 291
** Fixa s{kerhetsbuggen vid read_texts et c. Det b|r vara s} att man
   inte f}r veta mappningen s} ofta som nu. Vilka texter som {r l{sta
   b|r ocks} vara mer hemligt. Ett nytt anrop, query_unread(), b|r
   inf|ras. Resultatet {r antalet ol{sat brev och _kanske_
   Local_text_no f|r det h|gsta nummret. 
Per Cederqvist's avatar
Per Cederqvist committed
292

293 294
   (Det var l{nge sen jag skrev det h{r, och jag minns inte riktigt
   vad jag menar, men man borde nog titta p} det h{r s} sm}ningom).
295

Per Cederqvist's avatar
Per Cederqvist committed
296

297
** param.maxqueuedsize and other ISC configuration is ignored.
Per Cederqvist's avatar
Per Cederqvist committed
298

299
** Transaction logging, so that we never lose any data.
Per Cederqvist's avatar
Per Cederqvist committed
300

301 302 303
** dbck should check that all creation_times of Texts are consecutive,
   and that all local add-times of texts in confereces are
   consecutive.
Per Cederqvist's avatar
Per Cederqvist committed
304

305
** Fix Nisse's text garbing procedure. See doc/IDEAS for details.
306
   
307
** Proof-read Protocol-A.texi.
Per Cederqvist's avatar
Per Cederqvist committed
308

309 310 311 312 313 314
** Consider implementing aux-infos that are the "reverse" of a Mark,
   of the aux-info faq-text, of a presentation, et c. Once that is
   done, the mark_text field of the Text_stat can be removed. More
   importantly, it can easily be seen which conference a text is a
   presentation for (et c). We also get more redundancy that dbck can
   use. (3490225) 
Per Cederqvist's avatar
Per Cederqvist committed
315

316 317 318
        I think that we want a more complex mark structure, and have
        both text and marker know about the marks on a particular
        text.
319

320 321 322 323 324
** Consider implementing an aux-info that causes comments of a text,
   or of all texts written by the author, to get a bcc-recpt to the
   authors letterbox. Make sure that this bcc-recpt is not the only
   thing that makes it possible for the person to read the text. 
   (3381984, 3382009)
325

326
** Define and implement asynchronous messages for cache inconsitency.
Per Cederqvist's avatar
Per Cederqvist committed
327

328
          This is partially done. -- DCB
Per Cederqvist's avatar
Per Cederqvist committed
329

330 331 332 333 334
   One problematic situation is when a new comment is created, and a
   conference that is a recipient of the commented text is not a
   member of the comment.  Any user that is a member of that
   conference will not receive the new_text message, so his cache will
   not be updated.
Per Cederqvist's avatar
Per Cederqvist committed
335

336 337
** Add an improved internal structure for the text_stat list to avoid
   a large fixed-size array.
Per Cederqvist's avatar
Per Cederqvist committed
338

339 340
** Document the mark bits. (6390, 24358, 24444, 40876, 42356, 45110,
   1111605, 2687219)
341

342 343 344
        Better still, implement a more complex mark structure rather
        than using the current mark number as a bitfield. We need to
        be able to see what marks are set on a given text. -- DCB
Per Cederqvist's avatar
Per Cederqvist committed
345

346
** Document the user area.
David Byers's avatar
David Byers committed
347

348 349
** Add a separate subject field (a short string) to the Text-stat. 
   Problems: should the subject be restricted to ISO 8859-1?
350

Per Cederqvist's avatar
Per Cederqvist committed
351 352
** Remove cache_node.s.snapshot (in cache-node.h).  It is unused.

353
* Lower priority than the above-mentioned things.
354

355 356 357 358
** isc_disable()/isc_enable() should be used, so that a single session
   cannot starve other sessions.  We might need a better mechanism
   that isc_disable()/isc_enable.

359 360 361 362 363 364 365 366 367 368 369 370 371 372
** The Info structure should contain statistics about the server
   (uptime, other interesting stuff.) (from 1991)

** difftime is not used everywhere where it should be used. There are
   a few places where '-' is still used to get a diff in seconds.

** Fix something that can replace the user_area.  The elisp-client
   creates a new user-area each time a person creates a permanent
   filter.  What a waste of text numbers!  It would be better to have
   a way to store per-user configuration separately.  It should
   probably be keyed data, but separating it in different sections
   like we do with the user-area really doesn't make much sense.

** Comments should optionally inhibit the garb (3608307).  See IDEAS.
Per Cederqvist's avatar
Per Cederqvist committed
373 374

** Do something about how large texts are sent back to the client.  We
375
   should probably get rid of ISC altogether.  See IDEAS.
Per Cederqvist's avatar
Per Cederqvist committed
376

377 378 379
** Performance enhancement: Don't emit asynchronous messages
   immediately. Attempt to write, say, 4 KB of data at a time to the
   clients. The server currently makes a lot of small writes.
380

381 382
** Introduced aux-items that states that "this text is the
   presentation/motd of conference so-and-so".
383

384
** Run the garb at 02:00 (configurable) rather than every 24 hours.
385

386 387
** Some generalized way to query the server for (unread) texts with a
   certain aux-item set. (see 21415 for motivation)
388

389
** Write a "lyskomd hackers guide" (requested in 24684).
390

391
** Tree-structure for the conferences (41768). 
392

393 394
        Yay! See the IDEAS file for some concrete ideas on how to do
        this. -- DCB.
395

396 397 398
** Don't include so much information in the Person and Conference
   structures internally in the server. A Conference is (probably)
   used much more often than the large internal lists within it.
399

400 401 402 403 404 405 406 407
   For active conferences, the l2g map is probably used a lot. However
   the created-texts map for a person is not used a lot. The
   read-texts part of memberships get updated a lot. For maximum gains
   we probably have to split off the created-texts map and make is
   possible to read individual memberships from disk. The entire thing
   should be hidden from most of the server by automatically reading
   bits of maps or memberships on demand from disk. High-level
   functions shouldn't have to know about this.
408

409 410
** Improve the data base. Text 250010 contains some ideas for a grand
   redesign.
411

412 413 414 415 416 417 418
** A better way to "list active conferences" than to get the
   conference status of every conference and sort them on the
   last-written field. According to 310351 PortaKOM had the command
   "Lista aktiva möten". We should be as good as PortaKOM in every
   aspect. But see text 3604479 which outlines a way to implement this
   in a client in a reasonably efficient way without support from the
   server.
419

420
** Stack-based slow searching?  See 1013917 for some ideas.
421

422 423 424 425
** 103=local-to-global and 34=get-map should be able to return more
   information when applied to e. g. letterboxes. It should return
   information about all texts that ACTPERS is allowed to read. See
   678026 and 678411 for more thoughts about this.
426

427
** Re-run the test in 775202 and see if anything can be improved.
David Byers's avatar
David Byers committed
428

429
** New version of mark_as_read:
David Byers's avatar
David Byers committed
430

431
        void mark_as_read(Text_no);
432 433 434

   All examined clients emulate this call with a loop over all
   recipients of the text.
435

436
** Text parts, so that we can have both audio and text.
437

438
** Keyword support on texts.
439

440
** Keyword support on conferences (1112142, 1112200).
441

442
** Version numbering on calls? (1441352)
443

444 445 446
** A possibility to ask for conferences created after a certain date. 
   (1622840). Dubious value; the new conferences should have a
   presentation.
447

448 449 450 451 452 453 454
** Add a call to retrieve the highest used conference number, so that
   a client can loop over all conferences/detect when new conferences
   have been created while the client wasn't logged on.

** Add get_next_conf/get_previous_conf calls, to be able to loop
   through the conferences.

455 456
** A documented way to store the prefered language in the common area
   of the user area (1632323).
457

458 459 460
** Check the rules for when you are allowed to change a recpt to a
   cc-recpt. (1901530, 2329667, 2329682). (This may already be
   implemented -- check it.)
461

462 463 464 465
** It would be nice if an author could be notified whenever a text
   written by him was commented. 3381984 and 3382009 outlines a way to
   implement that using a special aux-info and automatic adding of a
   bcc-recpt by the server to the new comment.
466

467 468 469 470 471
** There should be a limit on how many texts you can mark as read in a 
   text to avoid the list becoming too long. This bug has a low
   priority. Footnote (1991-01-24): When Inge's Numlist package is
   finished, this won't matter any more. This bug requires no other
   action. Footnote (1999-01-18): When will the package be done?
David Byers's avatar
David Byers committed
472 473


474
* Fixed
David Byers's avatar
David Byers committed
475

476 477 478 479 480 481
** 30=add-recpipient: recpt-type is not a complete Misc-Info -- it is
   only an Info-Type.  Problem is: Info-Type is not defined in
   Protocol-A.texi.  Also affects async-new-recipient[16] and
   async-sub-recipient.
    DONE -- ceder

Per Cederqvist's avatar
Per Cederqvist committed
482 483 484 485 486 487 488
** lookup_regex(foo|bar) fails -- the | is translated to an ö!
    FIXED -- "Regexps use collate table" removed.  --ceder

** There is no call to mark_conference_as_changed in
   create_person_generic after the additions of aux_items.
    FIXED --ceder

Per Cederqvist's avatar
Per Cederqvist committed
489 490 491 492 493 494 495 496 497 498
** Remove DISKERR.  It was needed for version 0.29 and is still there!
    DONE --ceder

** Insert "ACTPERS == pers_no ||" into get_unread_confs to get a
   performance boost.
    DONE --ceder

** Remove the IMPL macro.  Everything is implemented now!
    DONE --ceder

499 500 501
** No test case for failed locking or failed unlocking of database
    DONE --ceder (lyskomd.0/11.exp)

Per Cederqvist's avatar
Per Cederqvist committed
502 503 504 505 506 507 508 509 510 511 512 513 514
** Update/rewrite README.
    DONE --ceder

** Check that texinfo.tex is included in a proper place by automake.
    DONE --ceder (se HACKING)

** The protocol revision section of Protocol-A.info is incomplete.
    DONE --ceder

** Consider locking the database, so that dbck cannot do harm, and so
   that only one lyskomd can use the database (consider NFS).
    DONE --ceder

515 516 517 518 519 520 521 522 523 524 525 526 527
** Document updateLysKOM in lyskomd.texi.
   There should be an "Invoking updateLysKOM" node.
   updateLysKOM should use the "Status file" parameter (and other
   parameters).
   Use parameters in src/server/updateLysKOM.c`savecore().
    DONE --ceder

** Document komrunning in lyskomd.texi.
   There should be an "Invoking komrunning" node.
   komrunning should be rewritten i C; it only works with BSD-style ps
   programs. (DONE, but it no longer displays the process)
    DONE --ceder

528 529 530
** Test that "% No connections left" works.
    DONE --ceder

531 532 533
** Document 103=local_to_global
    DONE --ceder

534 535 536
** Document 104=map_created_texts
    DONE --ceder

537 538 539 540 541 542
** Missing test cases in 03.exp
    Calls 100, 101, 102, 103, 104
    I've done 100-102. 103 and 104 left.
    I will do this --ceder
    DONE

543 544 545 546
** local_to_global isn't tested enough.  Run gcov on it.
	DONE.  We now have 96.39% coverage; only some file error
	       handling is untested.

547 548 549 550
** Improve the file format for local-to-global.c.  Warning: this will
    cause an incompatible change in the database format.
	DONE

551 552 553
** Fine-tune the Text_mapping data type (3623903, 3624144, 3624179, 3624173).
	DONE: range-begin and range-end added to Text-Mapping.

Per Cederqvist's avatar
Per Cederqvist committed
554 555 556
** Merge all changes done to prot-A.txt into Protocol-A.texi.
	DONE.  prot-A.txt removed.

557 558 559 560 561 562
** Remove the man pages for lyskomd and dbck.
	DONE.  All man pages still exists, but they only refer to the
	Texinfo documentation.  We don't want man pages from earlier
	lyskomd installations to linger around.  The should be
	completely removed in the next release, though.

563 564
** Fix dbck so that it can repair Member<->Membership inconsistencies.
        DONE. Needs to be tested though.
David Byers's avatar
David Byers committed
565

566 567 568
** Implement a test suite that tests all calls successfully at least
   once.
        DONE.
David Byers's avatar
David Byers committed
569

570 571 572
** Should the error message be named conference-zero or
   zero-conference? (Protocol-A.texi)
        DONE: conference-zero
David Byers's avatar
David Byers committed
573

574 575 576
** 52=get-unread-confs should ignore conferences where you are a
   passive member.
        DONE.
David Byers's avatar
David Byers committed
577

578 579 580
** Mention explicitly in the protocol spec that the cient cannot send
   "0 *" to the server.
        DONE.
David Byers's avatar
David Byers committed
581

582 583
** Protocol-A.texi contains both INT32 and INTEGER. (3228850)
        DONE. Changed all INTEGER to INT32
David Byers's avatar
David Byers committed
584

585 586 587 588 589
** Protocol-A.texi uses mailbox and letterbox interchangeably. Use one
   term only, or at least state explicitly that they are the same
   thing.
        DONE. Letterbox used in structures, mailbox in text. It's safe
        to replace all mailboxes with letterbox.
David Byers's avatar
David Byers committed
590

591 592
** String-Size is used but not defined in Protocol-A.texi. (3228850)
        DONE. Use INT32 instead
David Byers's avatar
David Byers committed
593

594 595
** Session-No is defined twice in Protocol-A.texi. (3228850)
        DONE. Removed second definition.
David Byers's avatar
David Byers committed
596

597 598
** Check the unused static function regarding aux-infos.
        DONE.
David Byers's avatar
David Byers committed
599

600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685
** ceder thinks that the sender of a BCC recipient group should be
   allowed to see it, so that the sender can see when the recipient
   has read the text. (3380375, 3381048)
        DONE.

** ceder thinks that a BCC recipient group should be visible to
   anybody that may become a member of the BCC recipient (as opposed
   to all members and all administrators), lest everybody starts to be
   passive members of every conference just to be able to see BCC
   recipients. (3380375, 3381048)
        DONE.

** The redirect aux-info needs more documentation. See FIXME comment
   in Protocol-A.texi.
        FIXED.

** Validation of aux-items.
        DONE. Regexp validation done.

** Ability to have a callback function when an aux-item is created,
   removed, changed or resurrected. (This is according to 3053346
   critical. Why?)
        DONE.

** The Membership that is returned by 98=query-read-texts should
   include the position of the Membership.
        DONE. Did the same for get-membership.

** Write a Texinfo manual for lyskomd based on the man pages.  
        DONE. Whee!

** The redirect aux-info needs more documentation. See FIXME comment
   in Protocol-A.texi.
        DONE.


** Should we really retain deleted aux-items indefinitely? (3490203)
        DONE. No, and we don't any more.

** disconnect(0) should disconnect the current session. (806239)
        DONE. Session 0 is now always interpreted as the current
        session.

** Add the dbck reference to the lyskomd manual.
        DONE. There is now a dbck Texinfo manual

** An asynchronous message is sent to everybody when a secret
   conference changes its name. That is an unacceptable leak of
   sensitive information. (990788, 2804846)
        FIXED.

** Check that Async 13 is sent at the proper times (see 79208).
        FIXED.

** Newline terminates requests. Check that a wording similar to that
   in 1509862 is present in Protocol-A.texi.
        FIXED.

** 89=create-person should probably not do an automatic login. (Wasn't
   this discussed in KOM? Yes it was, in 3267591, but there are no
   surviving comments. Did anybody object? /ceder)
        DONE.

** Check change-what-am-i-doing very carefully. According to 915974
   and 916257 there may be a bug in it, but that is pure speculation.
        DISMISSED. Tried sending long, short and invalid strings. No
        dice. Code inspection of functions turn up nothing.

** Should the conference supervisor be able to set the secret bit of a
   membership type? Probably yes. Maybe no.
        DONE. Can't set forbid-secret to true if there are secret
        members. Conference supervisor will have to boot secret
        members or convince them to convert.

** Create a "server hackers guide" and move the contents of
   doc/server.extend (and several other files in the doc directory) to
   it. The "server hackers guide" should probably be an appendix of
   doc/lyskomd.texi.
        DONE.

** Test the interpretation of session 0 as the current session.
        DONE.

*** Integrate doc/Bugrapporter into this document.
        DONE.

David Byers's avatar
David Byers committed
686 687 688 689
*** Get rid of tmp-limits.h
    I'll do this --DCB
        DONE.

690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776
** Let the author of a text add other people's texts as footnotes.
   (from 1991)
	REJECT. (ceder & DCB 1999-03-28)

** There is no limit on how much can be queued in a write queue in
   isc. (from 1991, still an issue.)
	DONE -- found to be fixed when the code was inspected 1999-03-28

** get-n-unread as per 1111652.
	REJECT. (ceder & DCB 1999-03-28)

** If would be cool to be able to do finger @kom.lysator.liu.se and
   get something like:

        @finger @lyskom.lysator.liu.se
        
         Wed  2-Jan-91 15:27:08  Up 718:34:00
         3+2 Jobs   Load av   0.20   0.07   0.00
        
         No LysKOM administrator in attendance
        
         Job  Line Activity  User               Where
          22    p1  Reading  ceder              LysKOM internals
          23    p2  Waiting  noppe              Inl{gg }t mig
          24    p3  Reading  pell               Hackers (@) Nanny
        
           1   172  LDB      OPERATOR
           2   173  KOMSTAT  Statistikid f|r statistikinsamling

	REJECT. (ceder & DCB 1999-03-28 -- a client could do this)

** cached_get_garb_nice has nowhere to get garb_nice from. It's not
   cached. 

        I think this is fixed with small_conf_arr. Ceder, what do you
        say? --DCB
	I say it's fixed.  /ceder

** There's a long-standing memory leak, probably in ISC. It appears
   to happen when we queue up lots of junk to clients that have died. 
   Trace what happens if we do isc_oflush and hit the E2BIG bit.

      I tried lots of crap. I think this will have to wait until we
      have a leak detection tool and can run the generic test suite on 
      the code. --DCB

      Even with a leak detection tool no leak was found.  The server
      simply uses a lot of (possibly fragmented) memory.  /ceder 1999-03-28

** Read all texts in LysKOM (-) Systemet, protokollet mm created
   after 1991 (start at text 170527) and incorporate selected
   information in this document.

	DONE.

** Read 45110, 45121, 45284 again and incorporate selected comments in 
   this document.

        45110: Membership stuff. Bellman's idea of sorting using
        anything but priority hasn't taken over the world since 1991. 
        I think we can declare it dead. Membership flags have been
        added. How a membership breaks the read order is a client
        matter. I don't think it anything to do with the server. The
        user area has been implemented. There's another todo item
        about documenting it. Marks and keywords are covered by
        another todo item. We're doing external recipients with
        aux-items. Asynchronous message bit is done.  Server info is
        done. Don't do the mapcar function for this version. We are
        using latex to document the server. I declare this DONE.

        45121: Comments to the above text. Dealt with.

        45284: Also comments. Also dealt with.

	DONE (or REJECTED).

** isc_getnextevent should use a write-set in select.
   (from 1991)
	DONE (apparently)

** Fix case errors in type names etc in the documentation (3267160).
	DONE.

** New version of get-text-stat (et al) where the misc-info-list is
   removed. (1108039).
	REJECT: too much work to be worth it.

David Byers's avatar
David Byers committed
777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829
*** Document "%%Unsupported protocol" message
    DONE.

*** Document "%% No connections left" message
    DONE.

*** Fix doc/lyskomdb.texi (Version 1) (see FIXME comments).
    DONE.

*** Document that session number 0 can be used in call 55.
    DONE.

*** There is no way to set the Personal_flags. It's not even obvious
    where it gets its initial value! This is Not Good At All.
    DONE.

*** If we try to create a pers or conf and have reached the limit
    of how many confs we can create, lyskomd just dies. Nasty. It
    should return index-out-of-range, like create-text.
    DONE.

** When we pass a read-only misc item in create-text we get a protocol 
   error. We should get an illegal-misc. We can't just pass it through 
   since create_text_add_miscs will abort if it sees one of these misc 
   items.
        DONE.

** Parsing arrays that are longer than the maximum length is not
   handled very well. Right now we return a protocol error most of the 
   time, but perhaps it would be better to return a protocol error
   only when the array is insanely long, not just when it is longer
   than the max. So we could have a global max array length parameter.
        DONE.

** Make sure that there are no "expected failures" in the test suite.
        DONE.

** Try sending a too-long aux-item list
        DONE.

** Send a too-long misc-item list
        DONE.

** Sending a too-long delete or add list crashes the server.
        DONE.

** Call add-recipient with really bogus info type
        DONE.

*** Move dbck.texi, hacking.tex and lyskomdb.texi into lyskomd.texi.  
    Two reasons: there are too many manuals, and automake apparently
    doesn't allow more than one file to include version.texi.
        DONE.
David Byers's avatar
David Byers committed
830

David Byers's avatar
David Byers committed
831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915
** Check the FIXME in cached_conf_exists. I am certain that the
   necessary changes to cached_delete_conf are done, and almost sure
   that no other changes are required (checked where s.exists is set
   to zero for existing confs, and that is only in init_cache and
   cached_delete_conf. See ChangeLog entry for Sat Sep 13
   (simple-cache.c). -- DCB

   But: we found problems with this 1999-03-28, which DCB fixed in his
   copy of the code.  Committed yet?
        DONE.

** Stoppa in lyskomdb.texi i lyskomd.texi
        DONE.

** Fråga JSK, Zander, mfl vad deras klienter sätter för client version
        DONE. 

** Check usage of is_supervisor.
        DONE.

*** Remove the text "In all likelihood, the implementation of this flag 
    is screwed up." from lyskomd.texi after checking that
    supervisor-only works properly.
        DONE.        

*** Dump all little doc files into the texinfo manuals.
    Remaining: 
        disc-cache.spec                 lyskomd.texi        översätt, uppdatera
        local-to-global.doc             lyskomd.texi        ceder?
        prot-a-tankar                   *
        prot_a                          *
        security-levels.txt             Protocol-A.texi     DONE
        what-is-unread.swe              Protocol-A.texi     DONE
        KLART.

*** Fix the node structure of Protocol-A.texi (3228867).
        DONE.

*** In prot_a_get_token, what is an insane token length?
        DONE.

*** We have to be able to specify that some aux-items can only be
    created by the server. It's possible that admins should be allowed 
    to create them as well. Perhaps this point and the previous point
    can be solved as one.
        DONE.

*** When creating an FAQ item create a reverse item on the text. Make
    sure that they are always added and removed as a pair. Accomplish
    this with the add, delete and undelete triggers.
        DONE.

*** The mark text trigger has to cause add failure if the text does
    not exist.
        DONE.

*** Use libisc 1.0.
    I will do this --ceder
        DONE.

*** Get rid of mux_printf and doc/mux.proto et c.
    I am doing this --ceder
        DONE.

** Fix all bitfield parsers to deal with arbitrary lengths. Maybe...
        DONE.

*** Send all async messages with async messages turned off
        DONE.

*** Send all async messages with a client connected that has not sent
    initial "greeting"
        DONE.

*** Try sending in negative lengths whenever we can send an array.
        DONE for misc-info-list, add-aux delete-aux

*** If we get protocol error while truncating a long list, things
    will get messed up. I think.
        DONE.

*** Check that we don't leak memory when truncating a long
    aux_item_list send from the client. 
        DONE.

David Byers's avatar
David Byers committed
916 917 918 919 920 921 922
** We should refuse to start if time has moved backwards.
        DONE

** Performance enhancement: Don't call gettimeofday() more than once
   per atomic call.
        DONE

David Byers's avatar
Server  
David Byers committed
923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950
** Fix lyskomd.0/09.exp
   DONE.

** Fix this.  active_connection is NULL and ENA is mis-used.

  #0  0x2f064 in fast_access_perm (victim=4975, viewer=119, viewer_p=0x13c70f0)
      at membership.c:776
  #1  0x2b610 in filter_secret_info (result=0xeffffa80, original=0x2f003a8, 
      viewer=0, viewer_p=0x13c70f0, output_bcc=TRUE) at text.c:1238
  #2  0x2b89c in send_async_deleted_text (text_no=2014215, text_s=0x2f003a8)
      at text.c:1350
  #3  0x2bd50 in do_delete_text (text_no=2014215, text_s=0x2f003a8)
      at text.c:1609
  #4  0x398bc in garb_text () at text-garb.c:245
  #5  0x2809c in end_of_atomic (idle=TRUE) at disk-end-of-atomic.c:81
  #6  0x29ef8 in toploop () at connections.c:713
  #7  0x1d524 in main (argc=1, argv=0xeffffd7c) at ramkomd.c:535
  DONE.

** Remove all setup_xfail
   DONE

** If ay_sub_recipient is on, but ay_deleted_text is not on, we need
   to decide which async messages to send before we start subtracting
   things from the text.  The best solution is probably to never send
   ay_sub_recipient when texts are deleted.
   DONE

951 952 953
** Add CHK_CONNECTION to remaining RPC handlers.
   DONE

David Byers's avatar
Server  
David Byers committed
954 955 956 957 958 959 960 961 962 963 964 965 966 967 968
*** modify_conf_info
    No check for secret confs. Might permit modification of any conf.
    FIXED.

*** modify_text_info
    No check for read access on text before check if we can delete
    items. This can be used to map out all secret texts. Deletion
    proceeds even for secret texts. This is bad, bad, bad.
    FIXED.


** Regex matching with the collate table does not work.
   The test for param.regexps_use_collate_table is inverted.
   It doesn't work anyway. Results are *strange*.
   FIXED.
David Byers's avatar
Server  
David Byers committed
969

970 971 972
** send_async_new_recipient in text.c sends asyncs for BCC recipients.
        DONE.

973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071
* In progress 

** Document aux-items for mail import/export. (3229403)

   3229403 1998-08-17  20:53  /47 rader/ David Byers
   Kommentar till text 3228797 av Jonas S Karlsson (Palmist)
   Mottagare: LysKOM; Utvecklingsgruppens interna möte <876>
   Markerad av 1 person.
   Ärende: 13, 14, 15
   ------------------------------------------------------------
   > Hmm, låter som en pik ;)
   
   Det menar du inte?
   
   Ceder har nog inga beskrivningar som har att göra med import av email.
   Det som ceder frågade om var en aux-item som används för att säta
   emailadress på personer, möten eller servern, inte texter.
   
   Som jag läser ditt mail så tycker du att följande aux-items behövs och
   är tillräckliga:
   
   1. Extern mottagare för inlägg
      Vad innehåller aux-item? En sladdpostadress? Vad används den till?
      Vem använder den?
   
   2. "Reply-to" på möten
      En Reply-To header som skall sättas på mail som exporteras från
      brevlådan. Vem är ansvarig för exporten? Klienten eller en
      exportör? 
   
   3. "From" på möten
      Se 2.
   
   4. CC på möten
      Se 2.
   
   5. Adress till mailinglista
      Kan sättas på möten och innehåller en sladdpostadress dit mail
      skall skickas. Vem är ansvarig för att skicka mail? En exportör
      eller klienten?
   
   6. Diverse mailhuvuden på enstaka importerade inlägg
      Du har nämnt message-id, from, reply-to, to och cc. Jag föreslår
      att man dessutom har ett item som säger att inlägget är ett
      importerat mail och att man sparar alla headerrader i inlägget.
      Det är upp till klienten att besluta om den skall visa dem eller
      inte. 
   
   7. "Spamfilter"
      En sträng som tolkas av importören. Antagligen vill du ha
      klientspecifika aux-items för detta, om du inte definierar ett
      lagom stort och stabilt språk för filtreringen. 
   
   
   Är det här tillräckligt? Om så är fallet, checka ut aux-items.def ur
   lyskomd, skriv in dina definitioner och dokumentera dem i
   Protocol-A.texi.
   (3229403) ------------------------------------------
   

** Fix aux-item 13, 14 and 15 according to 3228006 and 3228045.

   3228006 1998-08-17  14:46  /8 rader/ David Byers
   Mottagare: LysKOM; Utvecklingsgruppens interna möte <838>
   Markerad av 1 person.
   Ärende: 13, 14, 15
   ------------------------------------------------------------
   13 och 14 ser bra ut. Jag tycker du tar bort parentesen i slutet av
   beskrivningen av vad 13 betyder när den är satt på ett möte.
   
   Eventuellt skulle man kunna säga på nummer 13 att innehållet får bestå
   av två saker separerade med space. Det första är i så fall en
   identifierare. Följande identifierare är definierade: "list-address"
   och "subscription-address". Eller nåt. Jag vet inte. Skriv något åt
   det här hållet om du tycker det verkar OK.
   (3228006) ------------------------------------------
   Kommentar i text 3228045 av ceder (Per Cederqvist)
   
   3228045 1998-08-17  14:52  /10 rader/ ceder (Per Cederqvist)
   Kommentar till text 3228006 av David Byers
   Mottagare: LysKOM; Utvecklingsgruppens interna möte <839>
   Markerad av 1 person.
   Ärende: 13, 14, 15
   ------------------------------------------------------------
   Jag skulle nog nästan hellre stoppa in en ny aux-item som är
   moderatoradress.  Eller rent av låta list-address och
   subscription-address vara två nya aux-items, och bara tillåta nummer
   13 på brevlådor.  Då blir 13 en persons emailaddress.
   
   Hmm.  För ett möte som "Idonex" vill man kanske stoppa dit en aux-item
   som är något typ "sales@idonex.se".  Renast blir nog om 13 står för
   emailadresser som hör till en fysisk person, juridisk person, eller
   liknande.  (Filosofisk fråga: är en mailinglista "något liknande"
   eller något väsensskillt?)
   (3228045) ------------------------------------------


Local variables:
mode: outline
1072
End: