MOD_FTP STATUS:                                                     -*-text-*-
Last modified at [$Date: 2009-09-28 22:04:37 -0500 (Mon, 28 Sep 2009) $]

The current version of this file can be found at:

  * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS

Consult the following STATUS files for information on related projects:

  * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
  * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS

Release history:
    [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
          while x.{even}.z versions are Stable/GA releases.]

    0.9.7   : in development
    0.9.6   : tagged September 28, 2009
    0.9.5   : not released
    0.9.4   : not released
    0.9.3   : not released
    0.9.2   : released as beta June 27, 2008
    0.9.1   : not released
    0.9.0   : not released

Contributors looking for a mission:

  * Just do an egrep on "TODO" or "XXX" in the source.

  * Review the bug database at: http://issues.apache.org/bugzilla/

  * Review the "PatchAvailable" bugs in the bug database:

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp&keywords=PatchAvailable

    After testing, you can append a comment saying "Reviewed and tested".

  * Open bugs in the bug database

    https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&component=mod_ftp


RELEASE SHOWSTOPPERS:



CURRENT RELEASE NOTES:

  * EPSV and EPRT need real world testing for different routing and DMZ
    cases and validating a range of IPv6-enabled clients' interop.
    Note many IPv4-only NAT routers appear to ignore EPRT commands,
    even as they would fix up NAT addresses from PORT commands.

  * Extra attention should be paid to PORT and EPRT connections, especially
    when assigned low numbered ports, e.g. FTPActiveRange 20


CURRENT VOTES:



REALLY NICE TO WRAP THESE UP:

  * For in-tree builds, extending config_vars.mk with our local
    [exp_]ftpdocsdir and installing that tree.

  * For in-tree builds, expanding @@FTPPort@@ / @exp_ftpdocsdir@
    and installing conf/extra/ftpd.conf.

  * Fix SIZE implementation to inject the Content Length filter and
    report the true size, required for proper REST support.  Also
    ensure REST point accounts for A/I TYPE in-force.

  * Grant LIST, NLST richer parsing of -opts, with --<SP> designating
    no-opts (to conform to RFC2640).

  * dot-files (E.g. ".filename") are always shown, while "." this-dir and
    ".." (parent directory) are never shown.  Additional LIST/NLST options
    are necessary before these are hidden by default, which implies a
    fairly significant refactoring.

  * Implement LANG command and feature as our Accept-Language bluff;
      "Internationalization of the File Transfer Protocol", Curtin
      http://www.ietf.org/rfc/rfc2640.txt

  * Implement RFC2228 ADAT and AUTH GSSAPI commands Appendix I and/or
    AUTH KERBEROS_V4 from Appendix II as desired, but ideally as
    loadable FTP extension modules due to the library dependencies,
    and be sure to evaluate license compatibility issues.
      "FTP Security Extensions", Horowitz, Lunt
      http://www.ietf.org/rfc/rfc2228.txt

  * Implement additional features, MLST and MLSD, but mind the errata.
      "Extensions to FTP", Hethmon
      http://www.ietf.org/rfc/rfc3659.txt
      http://www.rfc-editor.org/errata_search.php?rfc=3659

  * Implement RFC1639, if anyone is so motivated.
    "FTP Operation Over Big Address Records (FOOBAR)", Piscitello
    http://www.rfc-editor.org/rfc/rfc1639.txt

  * In httpd 2.3-dev and later, it's no longer possible to process
        Require dir-name
    which meant that mod_ftp auth required that the logged in user match
    the name of the directory in which the Require was placed.  This
    should be added as a seperate authz provider, or refactored to the
    new auth syntax (or simply dropped?)


REFERENCES:

  * "FILE TRANSFER PROTOCOL (FTP)", Postel, Reynolds
    http://www.ietf.org/rfc/rfc959.txt

  * "TELNET PROTOCOL SPECIFICATION", Postel, Reynolds
    http://www.ietf.org/rfc/rfc854.txt

  * "Requirements for Internet Hosts -- Application and Support", Braden
    http://www.ietf.org/rfc/rfc1123.txt

  * "FTP Operation Over Big Address Records (FOOBAR)", Piscitello
    http://www.rfc-editor.org/rfc/rfc1639.txt

  * "FTP Security Extensions", Horowitz, Lunt
    http://www.ietf.org/rfc/rfc2228.txt

  * "FTP Extensions for IPv6 and NATs", Allman, Ostermann, Metz
    http://www.ietf.org/rfc/rfc2428.txt

  * "Extensions to FTP", Hethmon
    http://www.ietf.org/rfc/rfc3659.txt
    http://www.rfc-editor.org/errata_search.php?rfc=3659

  * "Securing FTP with TLS", Ford-Hutchinson
    http://www.ietf.org/rfc/rfc4217.txt