Copyright 1997, 1998 Tadayoshi Kohno (kohno@cs.colorado.edu)
All Rights Reserved.
See the LICENSE file.

This is the BUGS/TODO file.  The current version of libSSH that is
going out has room for improvement.  Hence it is in the alpha stage.

It sounds like a lot of people might be interested in seeing the
code for the library.  Since I have decided not to actively advertise
until I feel libSSH is ready, this version is primarily intended for
people to play with, hack on, and basically tear appart libSSH :)

I do not see any immediate changes to the API, which means any application
that uses libSSH shouldn't have to change as libSSH is improved.
But internally there are several things to "fix."  As a student,
I am rather busy, but am going to try to spend 10 hours a week improving
libSSH and its associated windows client.

The thinsg on the list are primarilly concerned with error-checking and
bounds checking and the fine-tuning of code.  The interface functions
are already setup to return most errors.  So code that is  built to
use libssh and handle ssh_errno's should be able to handle any new
errno without a problem.

TODO
	Things on my todo list are:
	
	* buffer overflows -- for example, if the user give a *really*
	  long password or username.  Actually, everything in
	  the ssh_cmsg.c file should be built to handle things like
	  this.  This won't  be too hard to change.

	---
	* create better seeds for the random number generator
	  this is especially true before creating the RSA identities

	* check for NULL pointers everywhere.  there are a few internal
	  routines that do not do this.

	* look for all occurrences of 'xxx' in the code -- these
	  were my personal markers as I developed the code.  Too many
	  still exist

	* code audit / code review
	  I plan to do a lot of this myself, but am hoping to elicit
	  help from others who would be interesting in helping solidify
	  libSSH

	* speed.  too many bcopy's?  too many many/too big arrays

	* configure script, one general header to install(?)

	* create a better sample unix client


        ---
	I would really like to hear from people about what else needs/should
	be changed.  The above list may be rather large now, but I think
	if I am able to allocate dedicated time each week to libSSH, the 
	list will quickly diminish.



PROBLEMS
	multi-threaded environments may do weird things.  The
	encipherment and decipherment initialization vectors are
	separate and shouldn't conflict.  Nevertheless, there may
	be some adverse side-effects.


