MOD_FTP STATUS:                                                     -*-text-*-
Last modified at [$Date$]

The current version of this file can be found at:

  * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS

Consult the following STATUS files for information on related projects:

  * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
  * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS

Release history:
    [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
          while x.{even}.z versions are Stable/GA releases.]

    0.9.3   : tagged May 29, 2009
    0.9.2   : released as beta June 27, 2008
    0.9.1   : tagged, not released
    0.9.0   : tagged, not released

Contributors looking for a mission:

  * Just do an egrep on "TODO" or "XXX" in the source.

  * Review the bug database at: http://issues.apache.org/bugzilla/

  * Review the "PatchAvailable" bugs in the bug database:

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp&keywords=PatchAvailable

    After testing, you can append a comment saying "Reviewed and tested".

  * Open bugs in the bug database

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp


RELEASE SHOWSTOPPERS:

    

CURRENT RELEASE NOTES:

  * EPSV and EPRT need real world testing for different routing and DMZ
    cases and validating a range of IPv6-enabled clients' interop.
    Note many IPv4-only NAT routers appear to ignore EPRT commands,
    even as they would fix up NAT addresses from PORT commands.

  * Extra attention should be paid to PORT and EPRT connections, especially
    when assigned low numbered ports, e.g. FTPActiveRange 20


CURRENT VOTES:



REALLY NICE TO WRAP THESE UP:

  * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I.

  * For in-tree builds, extending config_vars.mk with our local
    [exp_]ftpdocsdir and installing that tree.

  * For in-tree builds, expanding @@FTPPort@@ / @exp_ftpdocsdir@
    and installing conf/extra/ftpd.conf.

  * Review i18n and naming convention issues from
      "Internationalization of the File Transfer Protocol", Curtin
      http://www.ietf.org/rfc/rfc2640.txt
    and perhaps
      "UTF-8 Option for FTP", Lundberg
      http://www3.ietf.org/proceedings/02nov/I-D/draft-ietf-ftpext-utf-8-option-00.txt

  * Review features from
      "Extensions to FTP", Hethmon
      http://www.ietf.org/rfc/rfc3659.txt

  * In httpd 2.3-dev and later, it's no longer possible to process
        Require dir-name
    which meant that mod_ftp auth required that the logged in user match
    the name of the directory in which the Require was placed.  This
    should be added as a seperate authz provider, or refactored to the
    new auth syntax (or simply dropped?)


REFERENCES:

  * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds
    http://www.ietf.org/rfc/rfc959.txt

  * "FTP Security Extensions", Horowitz, Lunt
    http://www.ietf.org/rfc/rfc2228.txt

  * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz
    http://www.ietf.org/rfc/rfc2428.txt

  * "Securing FTP with TLS", Ford-Hutchinson
    http://www.ietf.org/rfc/rfc4217.txt