Redivide 0.2.1 items into do,nice-to-have,and defer.

svn:r17539

ChangeLog

@@ -3,7 +3,9 @@ Changes in version 0.2.1.9-alpha - 200?-??-??
   o Minor features (controller):
     - New CONSENSUS_ARRIVED event to note when a new consensus has
       been fetched and validated.
-    - Finally remove deprecated "EXTENEDED_FORMAT" feature.
+    - Finally remove deprecated "EXTENEDED_FORMAT" feature.  It has
+      been called EXTENDED_EVENTS since 0.1.2.4-alpha.
+
 
 Changes in version 0.2.1.8-alpha - 2008-12-08
   o Major features:

doc/TODO.021

@@ -20,6 +20,9 @@ K       - Karsten claims
         D Deferred
         X Abandoned
 
+Temporary legend:
+
+
 =======================================================================
 
 Things Roger would be excited to see:
@@ -111,10 +114,9 @@ R - bridge communities
       - man page entries for Alternate*Authority config options
 
 Documentation for Tor 0.2.0.x:
-  - Proposals:
-    . 111: Prioritize local traffic over relayed.
-R     - Merge into tor-spec.txt.
-    - 113: mark as closed close.
+  o Proposals:
+    o 111: Prioritize local traffic over relayed.
+    o 113: mark as closed close.
   o document the "3/4 and 7/8" business in the clients fetching consensus
     documents timeline.
 R   - then document the bridge user download timeline.
@@ -155,27 +157,14 @@ For 0.2.1.x:
         - Advertise availability of ipv6.
         - Geoip support, if only to add a zone called "ipv6"
 
-    - 118: Listen on and advertise multiple ports:
-      - Tor should be able to have a pool of outgoing IP addresses that it is
-        able to rotate through. (maybe.  Possible overlap with proposal 118.)
-      - config option to publish what ports you listen on, beyond
-        ORPort/DirPort.  It should support ranges and bit prefixes (?) too.
-      - Need to figure out the right format for routerinfo_t on this.
 K   . 121: Hidden service authentication:
-           missing: delayed descriptor publication for 'stealth' mode.
-R   d 128: families of private bridges
-    - 134: handle authority fragmentation.
+      - missing: delayed descriptor publication for 'stealth' mode.
+R   o 128: families of private bridges
     o 135: simplify configuration of private tor networks.
-    - 140: Provide diffs betweeen consensuses
 K   - 143: Improvements of Distributed Hidden Service Descriptor Storage:
            only easy parts for 0.2.1.x, defer complex ones to 0.2.2.x.
-    - 147: Eliminate the need for v2 directories in generating v3 directories
-R     - authorities should initiate a reachability test upon first
-        glimpsing a new descriptor.
     - 148: Stream end reasons from the client side should be uniform.
-K   - 155: Four Improvements of Hidden Service Performance
-
-  - Maybe:
+K   o 155: Four Improvements of Hidden Service Performance
     - 145: Separate "suitable from a guard" from "suitable as a new guard"
     - 146: Adding new flag to reflect long-term stability
     - 149: Using data from NETINFO cells
@@ -187,10 +176,6 @@ K   - 155: Four Improvements of Hidden Service Performance
   - Proposals to write:
     - Fix voting to handle bug 608 case when multiple servers get
       Named.
-R   d Do we want to maintain our own set of entryguards that we use as
-      next hop after the bridge?
-    d Possibly: revise link protocol to allow big circuit IDs,
-      variable-length cells, proposal-110 stuff, and versioned CREATES?
 N   . Draft proposal for GeoIP aggregation (see external constraints *)
     . Figure out how to make good use of the fallback consensus file. Right
       now many of the addresses in the fallback consensus will be stale,
@@ -201,54 +186,34 @@ N   . Draft proposal for GeoIP aggregation (see external constraints *)
       o Write the proposal.
       - Patch our tor.spec rpm package so it knows where to put the fallback
         consensus file.
-    d Something for bug 469, to limit connections per IP.
     . Put bandwidth weights in the networkstatus? So clients get weight
       their choices even before they have the descriptors; and so
       authorities can put in more accurate numbers in the future.
-    d Fetch an updated geoip file from the directory authorities.
 
   - Tiny designs to write:
-    . Better estimate of clock skew; has anonymity implications.  Clients
-      should estimate their skew as median of skew from servers over last
-      N seconds, but for servers this is not so easy, since a server does
-      not choose who it connects to.
-    - Do TLS connection rotation more often than "once a week" in the
-      extra-stable case.
-      (One reason not to do it more often is because the old TLS conn
-       probably has a circuit on it, and we don't really want to build up
-       dozens of TCP connections to all the other extra-stable relays.)
     - If a relay publishes a new descriptor with a significantly lower
       uptime or with a new IP address, then we should consider its current
       "running" interval to have ended even if it hadn't yet failed its
       third reachability test. the interval ended when the new descriptor
       appeared, and a new interval began then too.
 
-  - Use less RAM *
-    - Optimize cell pool allocation.
-    d Support (or just always use) jemalloc (if it helps)
-    - mmap more files.
-    - Look into pulling serverdescs off buffers as they arrive.
+  - Authority improvements:
+R   - authorities should initiate a reachability test upon first
+      glimpsing a new descriptor.
+
   - Use less bandwidth
     - Use if-modified-since to download consensuses
-  - Handle multi-core cpus better
-    - Split circuit AES across cores?
-    - Split TLS across cores?  This will be harder.
+
   - Testing
     - Better unit test coverage
-    - Refactor unit tests into multiple files
     - Verify that write limits to linked connections work.
-  - Use more mid-level and high-level libevent APIs
-    - For dns?
-    - For http?
-    - For buffers?
-  - Tool improvements:
-    - Get IOCP patch into libevent *
 
   - Security improvements
-    - make is-consensus-fresh-enough check way tighter.
+    - make is-consensus-fresh-enough check tighter.
     - If we haven't tried downloading a consensus for ages since we're tired,
       try getting a new one before we use old descriptors for a circuit.
       Related to bug 401. [What does "since we're tired" mean? -RD]
+      [I don't know. -NM]
 
   - Feature removals and deprecations:
     - Get rid of the v1 directory stuff (making, serving, and caching)
@@ -257,19 +222,22 @@ N   . Draft proposal for GeoIP aggregation (see external constraints *)
       . perhaps replace it with a "this is a tor server" stock webpage.
         - Get the debs to set DirPortFrontPage in the default.
         - Decide how to handle DirPortFrontPage files with image links.
-    - The v2dir flag isn't used for anything anymore, right? If so, dump it.
-    - Even clients run rep_hist_load_mtbf_data(). Does this waste memory?
-      Dump it?
-    - Unless we start using ftime functions, dump them.
-    - can we deprecate 'getinfo network-status'?
-    - can we deprecate the FastFirstHopPK config option?
     - Can we deprecate controllers that don't use both features?
-    - Dump most uint32_t addr functions.
+      - Both TorK and Vidalia use VERBOSE_NAMES.
+      - TorK uses EXTENDED_EVENTS.  Vidalia does not. (As of 9 Dec.)
+      - Matt is checking whether Vidalia would break if we started to use
+        EXTENDED_EVENTS by default.
+
+External tool improvements:
+  - Get IOCP patches into libevent
 
 Nice to have for 0.2.1.x:
-  - Proposals to write
-    - steven's plan for replacing check.torproject.org with a built-in
-      answer by tor itself.
+  - Proposals, time permitting
+    - 134: handle authority fragmentation.
+    - 140: Provide diffs betweeen consensuses
+
+  - Handle multi-core cpus better
+    - Split circuit AES across cores
 
   - Documentation
 P   - Make documentation realize that location of system configuration file
@@ -278,7 +246,7 @@ P   - Make documentation realize that location of system configuration file
   - Small controller features
     - A status event for when tor decides to stop fetching directory info
       if the client hasn't clicked recently: then make the onion change too.
-    - Add a status event when new consensus arrives
+    o Add a status event when new consensus arrives
 
   - Windows build
 P   - Figure out why dll's compiled in mingw don't work right in WinXP.
@@ -288,16 +256,84 @@ P   - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
     - Refactor the HTTP logic so the functions aren't so large.
     - Refactor buf_read and buf_write to have sensible ways to return
       error codes after partial writes
+    - deprecate router_digest_is_trusted_dir() in favor of
+      router_get_trusteddirserver_by_digest()
+
+  - Should be trivial
+    - Tor logs the libevent version on startup, for debugging purposes.
+      This is great. But it does this before configuring the logs, so
+      it only goes to stdout and is then lost.
+
+  - Deprecations
+    - Even clients run rep_hist_load_mtbf_data().  This doesn't waste memory
+      unless they had previously been non-clients collecting MTBF data.
+      Dump it anyway?
+    - Unless we start using ftime functions, dump them.
+    - can we deprecate the FastFirstHopPK config option?
+    - The v2dir flag isn't used for anything anymore, right? If so, dump it.
+    - can we deprecate 'getinfo network-status'?
+    - Dump most uint32_t addr functions.
+
+
+Defer:
+  - Proposals
+    - 118: Listen on and advertise multiple ports:
+      - Tor should be able to have a pool of outgoing IP addresses that it is
+        able to rotate through. (maybe.  Possible overlap with proposal 118.)
+      - config option to publish what ports you listen on, beyond
+        ORPort/DirPort.  It should support ranges and bit prefixes (?) too.
+      - Need to figure out the right format for routerinfo_t on this.
+    - 147: Eliminate the need for v2 directories in generating v3 directories
+
+  - Proposals to write.
+    d Something for bug 469, to limit connections per IP.
+R   d Do we want to maintain our own set of entryguards that we use as
+      next hop after the bridge?
+    d Possibly: revise link protocol to allow big circuit IDs,
+      variable-length cells, proposal-110 stuff, and versioned CREATES?
+    d Fetch an updated geoip file from the directory authorities.
+
+
+  - Tiny designs to write
+    - Better estimate of clock skew; has anonymity implications.  Clients
+      should estimate their skew as median of skew from servers over last
+      N seconds, but for servers this is not so easy, since a server does
+      not choose who it connects to.
+    - Do TLS connection rotation more often than "once a week" in the
+      extra-stable case.
+      (One reason not to do it more often is because the old TLS conn
+       probably has a circuit on it, and we don't really want to build up
+       dozens of TCP connections to all the other extra-stable relays.)
+
+
+  - Use less RAM
+    - Optimize cell pool allocation.
+    - Support (or just always use) jemalloc (if it helps)
+    - mmap more files.
+    - Pull serverdescs off buffers as they arrive.
+    - Allocate routerstatus_t objects on a per-networkstatus memchunk.
+
+  - Split TLS across multiple cores
+
+  - Use more mid-level and high-level libevent APIs
+    - For dns?
+    - For http?
+    - For buffers?
+
+  - Proposals to write
+    - steven's plan for replacing check.torproject.org with a built-in
+      answer by tor itself.
+
+  - Refactor bad code:
     - Streamline how we pick entry nodes: Make choose_random_entry() have
       less magic and less control logic.
-    - Don't call time(NULL) so much; instead have a static time_t field
-      that gets updated only a handful of times per second.
     - Move all status info out of routerinfo into local_routerstatus.  Make
       "who can change what" in local_routerstatus explicit.  Make
       local_routerstatus (or equivalent) subsume all places to go for "what
       router is this?"
-    - deprecate router_digest_is_trusted_dir() in favor of
-      router_get_trusteddirserver_by_digest()
+    - Don't call time(NULL) so much; instead have a static time_t field
+      that gets updated only a handful of times per second.
+    - Refactor unit tests into multiple files
 
   - Make Tor able to chroot itself
     o allow it to load an entire config file from control interface
@@ -308,9 +344,6 @@ P   - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
 
   - Should be trivial:
     - Base relative control socket paths (and other stuff in torrc) on datadir.
-    - Tor logs the libevent version on startup, for debugging purposes.
-      This is great. But it does this before configuring the logs, so
-      it only goes to stdout and is then lost.
     - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout.
     - Make 'safelogging' extend to info-level logs too.
     - don't do dns hijacking tests if we're reject *:* exit policy?
@@ -320,4 +353,3 @@ P   - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
 
   d Interface for letting SOAT modify flags that authorities assign.
     (How to keep the authority from clobbering them afterwards?
-