MOD_FTP STATUS:                                                     -*-text-*-
Last modified at [$Date: 2008-06-17 13:28:35 -0500 (Tue, 17 Jun 2008) $]

The current version of this file can be found at:

  * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS

Consult the following STATUS files for information on related projects:

  * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
  * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS

Release history:
    [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
          while x.{even}.z versions are Stable/GA releases.]

    0.9.2   : tagged June 17, 2008
    0.9.1   : tagged, not released
    0.9.0   : tagged, not released

Contributors looking for a mission:

  * Just do an egrep on "TODO" or "XXX" in the source.

  * Review the bug database at: http://issues.apache.org/bugzilla/

  * Review the "PatchAvailable" bugs in the bug database:

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp&keywords=PatchAvailable

    After testing, you can append a comment saying "Reviewed and tested".

  * Open bugs in the bug database

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp


RELEASE SHOWSTOPPERS:

  * Several clients either trap the 'A' of ABOR in the OOB chunk,
    or omit some bytes of the IAC IP IAC DM urgent byte sequence.
    Handle these exceptions cases properly in the OOB data channel read.  
    Pity that the client developers never bothered to learn the telnet
    protocol.

  * FTPLimit* family of directives share an FTPLimitDBFile across hosts,
    yet fail to scope their tracking records to the corresponding host.
    Revert the notes in http://svn.apache.org/viewvc?rev=602264&view=rev
    once corrected.

  * include/mod_ftp.h clearly needs refactoring of public and private
    interfaces to mod_ftp, and appropriate declarations for those that
    will remain public.  Perhaps private declarations should be moved
    to modules/ftp/ftp_private.h and out of include/ altogether.
    

CURRENT RELEASE NOTES:

  * EPSV and EPRT need real world testing for different routing and DMZ
    cases and validating a range of IPv6-enabled clients' interop.
    Note many IPv4-only NAT routers appear to ignore EPRT commands,
    even as they would fix up NAT addresses from PORT commands.


CURRENT VOTES:



REALLY NICE TO WRAP THESE UP:

  * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I.

  * Create a parent worker, servicing root port configurations of
    active/passive sockets, as a unix domain socket-based allocator.
    It needs to be expecially strict about comparing the requested
    allocation to the server configurations, which are shared from
    the parent to this worker, and with the children.

  * For in-tree builds, extending config_vars.mk with our local
    [exp_]ftpdocsdir and installing that tree.

  * For in-tree builds, expanding @@FTPPort@@ / @exp_ftpdocsdir@
    and installing conf/extra/ftpd.conf.

  * Review i18n and naming convention issues from
      "Internationalization of the File Transfer Protocol", Curtin
      http://www.ietf.org/rfc/rfc2640.txt
    and perhaps
      "UTF-8 Option for FTP", Lundberg
      http://www3.ietf.org/proceedings/02nov/I-D/draft-ietf-ftpext-utf-8-option-00.txt

  * Review features from
      "Extensions to FTP", Hethmon
      http://www.ietf.org/rfc/rfc3659.txt

  * In httpd 2.3-dev and later, it's no longer possible to process
        Require dir-name
    which meant that mod_ftp auth required that the logged in user match
    the name of the directory in which the Require was placed.  This
    should be added as a seperate authz provider, or refactored to the
    new auth syntax (or simply dropped?)


REFERENCES:

  * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds
    http://www.ietf.org/rfc/rfc959.txt

  * "FTP Security Extensions", Horowitz, Lunt
    http://www.ietf.org/rfc/rfc2228.txt

  * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz
    http://www.ietf.org/rfc/rfc2428.txt

  * "Securing FTP with TLS", Ford-Hutchinson
    http://www.ietf.org/rfc/rfc4217.txt

