Note that there is a separate todo.html with different content than this.
soon - MUST:
- blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial#
list?
- check if wildcards from X.509 are handled as strictly as required by
the RFCs.
- audit if there are further untrusted data report_*() calls.
- Debian Bug #475239, MIME decoder may break up words (need to quote results)
- put bare IP addresses in brackets for SMTP (check if there are RFC
1123/5321/5322 differences)
- Fix further occurrences of SMTP reply code handling:
  - for proper smtp_response caching of multiline codes (there are some)
  - for stomping over control characters.
- check if smtpname and smtpaddress in particular work as advertised,
thread "Fetchmail with Postfix virtual users" around 2009-09-23 on
fetchmail-users@, by Joost Roeleveld and Gerard Seibert.
- virtual domain DOCUMENTATION (rewriting @example.com to
@virtual.example.com possible? Joost Roeleveld, thread "Fetchmail with
Postfix virtual users" around 2009-09-23 on fetchmail-users@).
soon - SHOULD:
- support NIL and strings where they are alternatives to literals
- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode.
seems non-trivial to fix: in imap_idle(), we wait for untagged
responses, and may be deep in SSL_peek -- and that restarts the
underlying blocking read() from the socket, so we never break out of
the SSL_peek() with SIGUSR1.
- add repoll for all kinds of auth failures
(requires framework to track which auth failed in auto mode)
- SockOpen sometimes exits with errno == 0, confusing users (found with
Google RealTime on Twitter)
- make sure the man page completely lists all options (e.g. sslcertpath) in
the tables.
- allow \Deleted without \Seen, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466299
- document IMAP4 ACL requirements
- CRYPTO: log configured server name on certificate mismatch (perhaps pay
attention to via entries and stuff like that)
- CRYPTO: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618
* write a table of combinations of TLS/SSL options
- add To: header to warning mails (authfail for instance)
- Fix TOCTOU race around prc_filecheck*
- Read CAPABILITY from greeting if present, saves one round trip.
- Check if LAST argument is properly validated against message count.
- add Message-ID: header and other SHOULD headers to warning mails?
- report actual SMTP error with "SMTP listener refused delivery", suggested by
Richard Brooksby, fetchmail-users 2010-04-06.
soon - MAY:
- find a better replacement for sscanf parsing - we don't usually
detect errors in format strings such as "* %d FETCH " because we don't
check if the FETCH is (a) present, (b) consumed.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471176
=> fetchmail: support utf-8 encoding in log file
Revisit http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400719
=> syslog messages are localised
http://lists.debian.org/debian-devel/2006/11/msg01068.html
- when logging to syslog, disable locale?
- Get rid of peeking in socket.c? MSG_PEEK seems non-portable.
- revise ticker, and add something like .........20%.... ... 100%
(suggested by Yue Wu)
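
Added example for the sscanf item above (not fetchmail's code): the return value of sscanf() counts conversions only, so "* %d FETCH " reports success on any untagged response that starts with a number. The helper names and sample lines are hypothetical; the strict variant uses strtoul() and requires the keyword to be present and consumed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak form (hypothetical helper): sscanf() returns 1 as soon as %d has
 * matched, whether or not "FETCH" followed. Returns the parsed number,
 * or -1 if no number was converted. */
static int parse_fetch_weak(const char *line)
{
    int num;
    return sscanf(line, "* %d FETCH ", &num) == 1 ? num : -1;
}

/* Strict form (hypothetical helper): range-checked strtoul(), then the
 * keyword must be present and consumed. Returns the message number, or 0
 * on any mismatch (0 is never a valid IMAP sequence number). On success
 * *rest, if non-NULL, points just past "FETCH ". The comparison is
 * case-sensitive, like the format string above. */
static unsigned long parse_fetch_strict(const char *line, const char **rest)
{
    char *end;
    unsigned long num;

    if (strncmp(line, "* ", 2) != 0)
        return 0;
    line += 2;
    if (*line < '0' || *line > '9')   /* no sign, no blanks, not empty */
        return 0;
    errno = 0;
    num = strtoul(line, &end, 10);
    if (errno == ERANGE || strncmp(end, " FETCH ", 7) != 0)
        return 0;
    if (rest)
        *rest = end + 7;
    return num;
}

int main(void)
{
    /* Constructed sample lines, not captured from a server. */
    const char *lines[] = { "* 12 FETCH (FLAGS (\\Seen))", "* 12 EXISTS",
                            "* -5 FETCH (FLAGS ())", "* 12 FETCHED" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-28s weak=%d strict=%lu\n", lines[i],
               parse_fetch_weak(lines[i]), parse_fetch_strict(lines[i], NULL));
    return 0;
}
```
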
questionable:
- Convert POP3 UIDs to X-UIDL?
- fetch IMAP message in one go (fetchmail-devel by Adam Simpkins
around Nov 2nd)?
6.4:
- Properly free host/user entries (through C++ class instantiation and destructors...)
- Remove stupid options, such as spambounce, or deferred bounces for anything
but wrong addresses
- Do not ever guess envelope from content headers such as To:/Cc:/Resent-To: or
similar.
- Replace sscanf/fscanf by functions that do range checking
(strtol/strtoul), and make arguments unsigned long.
- drop LAST support
- use PS_PROTOCOL for pre-/post-connect command failures - 6.3 uses
PS_SYNTAX, and that's not necessarily the case. At least if the
command terminates with a signal, we should report PS_PROTOCOL.
- revisit maximum allowed rcfile permissions, fix inconsistency
(silently allowing g+x).
- make UID code more efficient, parsing is O(n^2), should be no worse
than O(n log n), lookup is O(n), should be O(log n).
* Idea for C: use tfind/tsearch. Need to split idlist up
so it only keeps the ids, and use an array to track status.
- help systematic debugging
  - by making logging more strict (Postfix's msg_* as example??)
  - by adding a --loggingtest or something that emits
    a set of test log messages at various severity levels, in order to
    make sure people get complete logs.
  - by adding messages where fetchmail stuffed its output.
- Debian Bug #454291 fetchmail --quit: should check, that pid file
really contains pid of fetchmail process (Dmitry Nezhevenko)
=> use fcntl() lock?
- feature to skip first N or all messages upon first download, or fetch
last N.
- download onl