MOD_FTP 3.0 STATUS:                                            -*-text-*-
Last modified at [$Date$]

The current version of this file can be found at:

  * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS

Consult the following STATUS files for information on related projects:

  * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
  * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS

Release history:
    [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
          while x.{even}.z versions are Stable/GA releases.]

    0.9.0   : tagged December 16, 2007

Contributors looking for a mission:

  * Just do an egrep on "TODO" or "XXX" in the source.

  * Review the bug database at: http://issues.apache.org/bugzilla/

  * Review the "PatchAvailable" bugs in the bug database:

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp&keywords=PatchAvailable

    After testing, you can append a comment saying "Reviewed and tested".

  * Open bugs in the bug database

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp


RELEASE SHOWSTOPPERS:

  * Several clients either trap the 'A' of ABOR in the OOB chunk,
    or omit some bytes of the IAC IP IAC DM urgent byte sequence.
    Handle these exceptions cases properly in the OOB data channel read.  
    Pity that the client developers never bothered to learn the telnet
    protocol.

  * FTPLimit* family of directives share an FTPLimitDBFile across hosts,
    yet fail to scope their tracking records to the corresponding host.
    Revert the notes in http://svn.apache.org/viewvc?rev=602264&view=rev
    once corrected.
    
REALLY NICE TO WRAP THESE UP:

  * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I.

  * Process named virtual hosts based on USER foo@hostname syntax
    (stripping @hostname prior to user-auth processing).

CURRENT RELEASE NOTES:

  * EPSV and EPRT need real world testing for different routing and DMZ
    cases and validating a range of IPv6-enabled clients' interop.

CURRENT VOTES:



REFERENCES:

  * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds
    http://www.ietf.org/rfc/rfc959.txt

  * "FTP Security Extensions", Horowitz, Lunt
    http://www.ietf.org/rfc/rfc2228.txt

  * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz
    http://www.ietf.org/rfc/rfc2428.txt

  * "Securing FTP with TLS", Ford-Hutchinson
    http://www.ietf.org/rfc/rfc4217.txt