MOD_FTP STATUS: -*-text-*- Last modified at [$Date$] The current version of this file can be found at: * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS Consult the following STATUS files for information on related projects: * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] 0.9.4 : in development 0.9.3 : tagged May 29, 2009 0.9.2 : released as beta June 27, 2008 0.9.1 : tagged, not released 0.9.0 : tagged, not released Contributors looking for a mission: * Just do an egrep on "TODO" or "XXX" in the source. * Review the bug database at: http://issues.apache.org/bugzilla/ * Review the "PatchAvailable" bugs in the bug database: https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp&keywords=PatchAvailable After testing, you can append a comment saying "Reviewed and tested". * Open bugs in the bug database https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp RELEASE SHOWSTOPPERS: * (1.0 stopper) - API change, the register new function should take an arguement suitable for display in the FEAT response, such that the implementor of FOO could display OPT1,OPT2 to FEAT. The immediate case for this API change is registration of the EPRT/EPSV commands (and essentially, anything that appears after RFC 959). * (1.0 stopper) - API change, OPTS needs to be implemented and extensible, such that various registered command handlers accept their corresponding OPTS behavior. RFC 2389 further requires that OPTS is implemented when ever FEAT is implemented, so this implementation is nonconforming. Consider a few other commands such as AUTH might need sub-delegation facilities, as well. CURRENT RELEASE NOTES: * EPSV and EPRT need real world testing for different routing and DMZ cases and validating a range of IPv6-enabled clients' interop. Note many IPv4-only NAT routers appear to ignore EPRT commands, even as they would fix up NAT addresses from PORT commands. * Extra attention should be paid to PORT and EPRT connections, especially when assigned low numbered ports, e.g. FTPActiveRange 20 CURRENT VOTES: REALLY NICE TO WRAP THESE UP: * Implement AUTH GSSAPI/ADAT commands from RFC2228 Appendix I. * For in-tree builds, extending config_vars.mk with our local [exp_]ftpdocsdir and installing that tree. * For in-tree builds, expanding @@FTPPort@@ / @exp_ftpdocsdir@ and installing conf/extra/ftpd.conf. * Review i18n and naming convention issues from "Internationalization of the File Transfer Protocol", Curtin http://www.ietf.org/rfc/rfc2640.txt and perhaps "UTF-8 Option for FTP", Lundberg http://www3.ietf.org/proceedings/02nov/I-D/draft-ietf-ftpext-utf-8-option-00.txt * Review features from "Extensions to FTP", Hethmon http://www.ietf.org/rfc/rfc3659.txt * In httpd 2.3-dev and later, it's no longer possible to process Require dir-name which meant that mod_ftp auth required that the logged in user match the name of the directory in which the Require was placed. This should be added as a seperate authz provider, or refactored to the new auth syntax (or simply dropped?) * dot-files (E.g. ".filename") are always shown, while "." this-dir and ".." (parent directory) are never shown. Additional LIST/NLST options are necessary before these are hidden by default, which implies a fairly significant refactoring. REFERENCES: * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds http://www.ietf.org/rfc/rfc959.txt * "FTP Security Extensions", Horowitz, Lunt http://www.ietf.org/rfc/rfc2228.txt * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz http://www.ietf.org/rfc/rfc2428.txt * "Securing FTP with TLS", Ford-Hutchinson http://www.ietf.org/rfc/rfc4217.txt