[or-cvs] r14748: discard the old TODO file, so people don't read it (or worse (tor/branches/tor-0_2_0-patches/doc)

arma at seul.org arma at seul.org
Tue May 27 18:58:05 UTC 2008


Author: arma
Date: 2008-05-27 14:58:05 -0400 (Tue, 27 May 2008)
New Revision: 14748

Modified:
   tor/branches/tor-0_2_0-patches/doc/TODO
Log:
discard the old TODO file, so people don't read it (or worse, write it).


Modified: tor/branches/tor-0_2_0-patches/doc/TODO
===================================================================
--- tor/branches/tor-0_2_0-patches/doc/TODO	2008-05-27 18:15:52 UTC (rev 14747)
+++ tor/branches/tor-0_2_0-patches/doc/TODO	2008-05-27 18:58:05 UTC (rev 14748)
@@ -1,567 +1,4 @@
-$Id$
-Legend:
-SPEC!!  - Not specified
-SPEC    - Spec not finalized
-N       - nick claims
-R       - arma claims
-P       - phobos claims
-S       - Steven claims
-M       - Matt/Mike claims
-J       - Jeff claims
-I       - ioerror claims
-        - Not done
-        * Top priority
-        . Partially done
-        o Done
-        d Deferrable
-        D Deferred
-        X Abandoned
 
-=======================================================================
+This file is obsolete. Go look at the one in trunk, e.g.
+https://www.torproject.org/svn/trunk/doc/TODO
 
-For Tor 0.2.0.x-rc:
-R - Figure out the autoconf problem with adding a fallback consensus.
-R - add a geoip file
-W   - figure out license
-R - let bridges set relaybandwidthrate as low as 5kb
-R - bug: if we launch using bridges, and then stop using bridges, we
-    still have our bridges in our entryguards section, and may use them.
-  . make it easier to set up a private tor network on your own computer
-    is very hard.
-R   . FAQ entry which is wrong
-  o Make BEGIN_DIR mandatory for asking questions of bridge authorities?
-    (but only for bridge descriptors. not for ordinary cache stuff.)
-    o Implement connection_dir_is_encrypted().
-    o set up a filter to not answer any bridge descriptors on a
-      non-encrypted request
-  o write a tor-gencert man page
-
-N . geoip caching and publishing for bridges
-    d Track consecutive time up, not time since last-forgotten IP.
-    - Mention in dir-spec.txt
-    - Mention in control-spec.txt
-    D have normal relays report geoip stats too.
-    D different thresholds for bridges than for normal relays.
-    o bridge relays round geoip stats *up*, not down.
-R - bridge communities
-    . spec
-    . deploy
-      - man page entries for Alternate*Authority config options
-
-Things we'd like to do in 0.2.0.x:
-  o if we notice a cached-status directory and we're not serving v2 dir
-    info and it's old enough, delete it.
-     o same with cached-routers*.
-N - document the "3/4 and 7/8" business in the clients fetching consensus
-    documents timeline.
-R   - then document the bridge user download timeline.
-
-N - Before the feature freeze:
-    - 105+TLS, if possible.
-      . TLS backend work
-        . Enable.
-      - Test
-        o Verify version negotiation on client
-        o Verify version negotiation on server
-        o Verify that client->server connection becomes open
-        - Verify that server->server connection becomes open and
-          authenticated.
-        - Verify that initiator sends no cert in first stage of TLS
-          handshake.
-      - NETINFO fallout
-        - Don't extend a circuit over a noncanonical connection with
-          mismatched address.
-        - Learn our outgoing IP address from netinfo cells?
-
-  - Bugs.
-     - Bug reports Roger has heard along the way that don't have enough
-        details/attention to solve them yet.
-        - arma noticed that when his network went away and he tried
-          a new guard node and the connect() syscall failed to it,
-          the guard wasn't being marked as down. 0.2.0.x.
-        - after being without network for 12 hours, arma's tor decided
-          it couldn't fetch any network statuses, and never tried again
-          even when the network came back and arma clicked on things.
-          also 0.2.0.
-R       - for above two, roger should turn them into flyspray entry.
-
-  - Proposals:
-    o 101: Voting on the Tor Directory System (plus 103)
-N     - Use if-modified-since on consensus download
-      - Controller support
-        D GETINFO to get consensus
-N       - Event when new consensus arrives
-    . 111: Prioritize local traffic over relayed.
-R     - Merge into tor-spec.txt.
-
-  - Refactoring:
-    . Make cells get buffered on circuit, not on the or_conn.
-      . Switch to pool-allocation for cells?
-N       - Benchmark pool-allocation vs straightforward malloc.
-N       - Adjust memory allocation logic in pools to favor a little less
-          slack memory.
-    . Remove socketpair-based bridges conns, and the word "bridge".  (Use
-      shared (or connected) buffers for communication, rather than sockets.)
-      . Implement
-N       - Handle rate-limiting on directory writes to linked directory
-          connections in a more sensible manner.
-          Nick thinks he did this already?
-N       - Find more ways to test this.
-          (moria doesn't rate limit, so testing on moria not so good.)
-
-  - Documentation
-    - HOWTO for DNSPort. See tup's wiki page.
-    . Document transport and natdport in a good HOWTO.
-N   - Quietly document NT Service options: revise (or create) FAQ entry
-
-R - make sure you solved bug 556
-
-P - Make documentation realize that location of system configuration file
-    will depend on location of system defaults, and isn't always /etc/torrc.
-P - Figure out why dll's compiled in mingw don't work right in WinXP.
-P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
-
-=======================================================================
-
-Planned for 0.2.1.x:
-  - Things that have been bugging Nick
-    - Make better use of multi-core machines: Do AES crypto and
-      compression in worker threads
-    - Maybe use jemalloc from freebsd via firefox 3, once its windows
-      and osx ports are more mature.
-    - MMap the cached-descriptors.new file as well as the regular ones
-    - Actually use SSL_shutdown to close our TLS connections.
-    - Refactor the HTTP logic so the functions aren't so large.
-    - Get a "use less buffer ram" patch into openssl.
-    - Get IOCP patch into libevent
-    - Use libevent's evdns code where applicable.
-    - Refactor buf_read and buf_write to have sensible ways to return
-      error codes after partial writes
-    - Improve unit test coverage
-    - Logging domains.
-
-  - bridge communities with local bridge authorities:
-    - clients who have a password configured decide to ask their bridge
-      authority for a networkstatus
-    - be able to have bridges that aren't in your torrc. save them in
-      state file, etc.
-  - router_choose_random_node() has a big pile of args. make it "flags".
-  - Consider if we can solve: the Tor client doesn't know what flags
-    its bridge has (since it only gets the descriptor), so it can't
-    make decisions based on Fast or Stable.
-  - anonymity concern: since our is-consensus-fresh-enough check is
-    sloppy so clients will actually work when a consensus wasn't formed,
-    does that mean that if users are idle for 5 hours and then click on
-    something, we will immediately use the old descriptors we've got,
-    while we try fetching the newer descriptors?
-    related to bug 401.
-  . Finish path-spec.txt
-  - More prominently, we should have a recommended apps list.
-    - recommend pidgin (gaim is renamed)
-    - unrecommend IE because of ftp:// bug.
-  - we should add a preamble to tor-design saying it's out of date.
-  - Refactor networkstatus generation:
-    - Include "v" line in getinfo values.
-  - config option __ControllerLimit that hangs up if there are a limit
-    of controller connections already.
-  - Features (other than bridges):
-    - Audit how much RAM we're using for buffers and cell pools; try to
-      trim down a lot.
-    - Base relative control socket paths on datadir.
-    - Make TrackHostExits expire TrackHostExitsExpire seconds after their
-       *last* use, not their *first* use.
-P - Plan a switch to polipo.  Perhaps we'll offer two http proxies in
-    the future.
-P - Consider creating special Tor-Polipo-Vidalia test packages,
-    requested by Dmitri Vitalev
-  - Create packages for Nokia 800, requested by Chris Soghoian
-  - mirror tor downloads on (via) tor dir caches
-    . spec
-    - deploy
-  - interface for letting soat modify flags that authorities assign
-    . spec
-  - proposal 118 if feasible and obvious
-  - Maintain a skew estimate and use ftime consistently.
-  - Tor logs the libevent version on startup, for debugging purposes.
-    This is great. But it does this before configuring the logs, so
-    it only goes to stdout and is then lost.
-  - Deprecations:
-    - can we deprecate 'getinfo network-status'?
-    - can we deprecate the FastFirstHopPK config option?
-  - Bridges:
-    . Bridges users (rudimentary version)
-      . Ask all directory questions to bridge via BEGIN_DIR.
-        - use the bridges for dir fetches even when our dirport is open.
-      - drop 'authority' queries if they're to our own identity key; accept
-        them otherwise.
-      - give extend_info_t a router_purpose again
-  d Limit to 2 dir, 2 OR, N SOCKS connections per IP.
-    - Or maybe close connections from same IP when we get a lot from one.
-    - Or maybe block IPs that connect too many times at once.
-  - Do TLS connection rotation more often than "once a week" in the
-    extra-stable case.
-  - Streamline how we pick entry nodes: Make choose_random_entry() have
-    less magic and less control logic.
-  - when somebody uses the controlport as an http proxy, give them
-    a "tor isn't an http proxy" error too like we do for the socks port.
-  - we try to build 4 test circuits to break them over different
-    servers. but sometimes our entry node is the same for multiple
-    test circuits. this defeats the point.
-  - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout.
-  - configurable timestamp granularity. defaults to 'seconds'.
-  - consider making 'safelogging' extend to info-level logs too.
-  - we should consider a single config option TorPrivateNetwork that
-    turns on all the config options for running a private test tor
-    network. having to keep updating all the tools, and the docs,
-    just isn't working.
-  - consider whether a single Guard flag lets us distinguish between
-    "was good enough to be a guard when we picked it" and "is still
-    adequate to be used as a guard even after we've picked it". We should
-    write a real proposal for this.
-  - switch out privoxy in the bundles and replace it with polipo.
-  - make the new tls handshake blocking-resistant.
-  - figure out some way to collect feedback about what countries are using
-    bridges, in a way that doesn't screw anonymity too much.
-  - let tor dir mirrors proxy connections to the tor download site, so
-    if you know a bridge you can fetch the tor software.
-  - more strategies for distributing bridge addresses in a way that
-    doesn't rely on knowing somebody who runs a bridge for you.
-  - A way to adjust router status flags from the controller.  (How do we
-    prevent the authority from clobbering them soon afterward?)
-  - Bridge authorities should do reachability testing but only on the
-    purpose==bridge descriptors they have.
-  - Clients should estimate their skew as median of skew from servers
-    over last N seconds.
-  - Investigate RAM use in Tor servers.
-  - Start on the WSAENOBUFS solution.
-  - Start on Windows auto-update for Tor
-
-Deferred from 0.2.0.x:
-  - Proposals
-    - 113: Simplifying directory authority administration
-    - 110: prevent infinite-length circuits (phase one)
-    - 118: Listen on and advertise multiple ports:
-      - Tor should be able to have a pool of outgoing IP addresses that it is
-        able to rotate through. (maybe.  Possible overlap with proposal 118.)
-      - config option to publish what ports you listen on, beyond
-        ORPort/DirPort.  It should support ranges and bit prefixes (?) too.
-        (This is very similar to proposal 118.)
-    - 117: IPv6 Exits
-      - Internal code support for ipv6:
-        o Clone ipv6 functions (inet_ntop, inet_pton) where they don't exist.
-        - Most address variables need to become tor_addr_t
-        - Teach resolving code how to handle ipv6.
-        - Teach exit policies about ipv6 (consider ipv4/ipv6 interaction!)
-  - Features
-    - Let controller set router flags for authority to transmit, and for
-      client to use.
-    - add an 'exit-address' line in the descriptor for servers that exit
-      from something that isn't their published address.
-    - More work on AvoidDiskWrites?
-  - Features
-    - Make a TCP DNSPort
-  - Protocol work
-    - MAYBE kill stalled circuits rather than stalled connections.  This is
-      possible thanks to cell queues, but we need to consider the anonymity
-      implications.
-    - Implement TLS shutdown properly when possible.
-  - Bugs
-    - If the client's clock is too far in the past, it will drop (or just not
-      try to get) descriptors, so it'll never build circuits.
-  - Refactoring
-    - Make resolves no longer use edge_connection_t unless they are actually
-      _on_ a socks connection: have edge_connection_t and (say)
-      dns_request_t both extend an edge_stream_t, and have p_streams and
-      n_streams both be linked lists of edge_stream_t.
-    - Generate torrc.{complete|sample}.in, tor.1.in, the HTML manual, and the
-      online config documentation from a single source.
-    - Move all status info out of routerinfo into local_routerstatus.  Make
-      "who can change what" in local_routerstatus explicit.  Make
-      local_routerstatus (or equivalent) subsume all places to go for "what
-      router is this?"
-  - Blocking/scanning-resistance
-    - It would be potentially helpful to respond to https requests on
-      the OR port by acting like an HTTPS server.
-    - Do we want to maintain our own set of entryguards that we use as
-      next hop after the bridge? Open research question; let's say no
-      for 0.2.0 unless we learn otherwise.
-    - Some mechanism for specifying that we want to stop using a cached
-      bridge.
-  - Build:
-    - Detect correct version of libraries from autoconf script.
-
-=======================================================================
-
-Future versions:
-  - deprecate router_digest_is_trusted_dir() in favor of
-    router_get_trusteddirserver_by_digest()
-
-  - See also Flyspray tasks.
-  - See also all OPEN/ACCEPTED proposals.
-  - See also all items marked XXXX and FFFF in the code.
-
-  - Protocol:
-    - Our current approach to block attempts to use Tor as a single-hop proxy
-      is pretty lame; we should get a better one.
-    - Allow small cells and large cells on the same network?
-    - Cell buffering and resending. This will allow us to handle broken
-      circuits as long as the endpoints don't break, plus will allow
-      connection (tls session key) rotation.
-    - Implement Morphmix, so we can compare its behavior, complexity,
-      etc.  But see paper breaking morphmix.
-    - Other transport. HTTP, udp, rdp, airhook, etc. May have to do our own
-      link crypto, unless we can bully DTLS into it.
-    - Need a relay teardown cell, separate from one-way ends.
-      (Pending a user who needs this)
-    - Handle half-open connections: right now we don't support all TCP
-      streams, at least according to the protocol. But we handle all that
-      we've seen in the wild.
-      (Pending a user who needs this)
-
-  - Directory system
-    - BEGIN_DIR items
-      X turn the received socks addr:port into a digest for setting .exit
-      - handle connect-dir streams that don't have a chosen_exit_name set.
-    - Have a "Faster" status flag that means it. Fast2, Fast4, Fast8?
-    - Add an option (related to AvoidDiskWrites) to disable directory
-      caching.  (Is this actually a good idea??)
-    - Add d64 and fp64 along-side d and fp so people can paste status
-      entries into a url. since + is a valid base64 char, only allow one
-      at a time. Consider adding to controller as well.
-    - Some back-out mechanism for auto-approval on authorities
-      - a way of rolling back approvals to before a timestamp
-        - Consider minion-like fingerprint file/log combination.
-    - Have new people be in limbo and need to demonstrate usefulness
-      before we approve them.
-
-  - Hidden services:
-    - Standby/hotswap/redundant hidden services.
-    . Update the hidden service stuff for the new dir approach.  (Much
-      of this will be superseded by 114.)
-      - switch to an ascii format, maybe sexpr?
-      - authdirservers publish blobs of them.
-      - other authdirservers fetch these blobs.
-      - hidserv people have the option of not uploading their blobs.
-      - you can insert a blob via the controller.
-      - and there's some amount of backwards compatibility.
-      - teach clients, intro points, and hidservs about auth mechanisms.
-      - come up with a few more auth mechanisms.
-    - auth mechanisms to let hidden service midpoint and responder filter
-      connection requests.
-    - Let each hidden service (or other thing) specify its own
-      OutboundBindAddress?
-    - Hidserv offerers shouldn't need to define a SocksPort
-
-  - Server operation
-    X When we notice a 'Rejected: There is already a named server with
-      this nickname' message... or maybe instead when we see in the
-      networkstatuses that somebody else is Named with the name we
-      want: warn the user, send a STATUS_SERVER message, and fall back
-      to unnamed.
-    - If the server is spewing complaints about raising your ulimit -n,
-      we should add a note about this to the server descriptor so other
-      people can notice too.
-    - When we hit a funny error from a dir request (eg 403 forbidden),
-      but tor is working and happy otherwise, and we haven't seen many
-      such errors recently, then don't warn about it.
-
-  - Controller
-    - Implement missing status events and accompanying getinfos
-      - DIR_REACHABLE
-      - BAD_DIR_RESPONSE (Unexpected directory response; maybe we're behind
-        a firewall.)
-      - BAD_PROXY (Bad http or https proxy)
-      - UNRECOGNIZED_ROUTER (a nickname we asked for is unavailable)
-      - Status events related to hibernation
-      - something about failing to parse our address?
-        from resolve_my_address() in config.c
-      - sketchy OS, sketchy threading
-      - too many onions queued: threading problems or slow CPU?
-    - Implement missing status event fields:
-      - TIMEOUT on CHECKING_REACHABILITY
-    - GETINFO status/client, status/server, status/general: There should be
-      some way to learn which status events are currently "in effect."
-      We should specify which these are, what format they appear in, and so
-      on.
-    - More information in events:
-      - Include bandwidth breakdown by conn->type in BW events.
-      - Change circuit status events to give more details, like purpose,
-        whether they're internal, when they become dirty, when they become
-        too dirty for further circuits, etc.
-      - Change stream status events analogously.
-    - Expose more information via getinfo:
-      - import and export rendezvous descriptors
-      - Review all static fields for additional candidates
-    - Allow EXTENDCIRCUIT to unknown server.
-      - We need some way to adjust server status, and to tell tor not to
-        download directories/network-status, and a way to force a download.
-      - Make everything work with hidden services
-
-  - Performance/resources
-    - per-conn write buckets
-    - separate config options for read vs write limiting
-      (It's hard to support read > write, since we need better
-       congestion control to avoid overfull buffers there.  So,
-       defer the whole thing.)
-    - Look into pulling serverdescs off buffers as they arrive.
-    - Rate limit exit connections to a given destination -- this helps
-      us play nice with websites when Tor users want to crawl them; it
-      also introduces DoS opportunities.
-    - Consider truncating rather than destroying failed circuits,
-      in order to save the effort of restarting.  There are security
-      issues here that need thinking, though.
-    - Handle full buffers without totally borking
-    - Rate-limit OR and directory connections overall and per-IP and
-      maybe per subnet.
-
-  - Misc
-    - Hold-open-until-flushed now works by accident; it should work by
-      design.
-    - Display the reasons in 'destroy' and 'truncated' cells under
-      some circumstances?
-    - Make router_is_general_exit() a bit smarter once we're sure what
-      it's for.
-    - Automatically determine what ports are reachable and start using
-      those, if circuits aren't working and it's a pattern we
-      recognize ("port 443 worked once and port 9001 keeps not
-      working").
-
-  - Security
-    - some better fix for bug #516?
-    - don't do dns hijacking tests if we're reject *:* exit policy?
-      (deferred until 0.1.1.x is less common)
-    - Directory guards
-    - Mini-SoaT:
-      - Servers might check certs for known-good ssl websites, and if
-        they come back self-signed, declare themselves to be
-        non-exits.  Similar to how we test for broken/evil dns now.
-      - Authorities should try using exits for http to connect to some
-        URLS (specified in a configuration file, so as not to make the
-        List Of Things Not To Censor completely obvious) and ask them
-        for results.  Exits that don't give good answers should have
-        the BadExit flag set.
-      - Alternatively, authorities should be able to import opinions
-        from Snakes on a Tor.
-    - More consistent error checking in router_parse_entry_from_string().
-      I can say "banana" as my bandwidthcapacity, and it won't even squeak.
-    - Bind to random port when making outgoing connections to Tor servers,
-      to reduce remote sniping attacks.
-    - Audit everything to make sure rend and intro points are just as
-      likely to be us as not.
-    - Do something to prevent spurious EXTEND cells from making
-      middleman nodes connect all over.  Rate-limit failed
-      connections, perhaps?
-    - DoS protection: TLS puzzles, public key ops, bandwidth exhaustion.
-
-  - Needs thinking
-    - Now that we're avoiding exits when picking non-exit positions,
-      we need to consider how to pick nodes for internal circuits. If
-      we avoid exits for all positions, we skew the load balancing. If
-      we accept exits for all positions, we leak whether it's an
-      internal circuit at every step. If we accept exits only at the
-      last hop, we reintroduce Lasse's attacks from the Oakland paper.
-
-  - Windows server usability
-    - Solve the ENOBUFS problem.
-      - make tor's use of openssl operate on buffers rather than sockets,
-        so we can make use of libevent's buffer paradigm once it has one.
-      - make tor's use of libevent tolerate either the socket or the
-        buffer paradigm; includes unifying the functions in connect.c.
-    - We need a getrlimit equivalent on Windows so we can reserve some
-      file descriptors for saving files, etc. Otherwise we'll trigger
-      asserts when we're out of file descriptors and crash.
-    - Merge code from Urz into libevent
-    - Make Tor use evbuffers.
-
-  - Documentation
-    - a way to generate the website diagrams from source, so we can
-      translate them as utf-8 text rather than with gimp. (svg? or
-      imagemagick?)
-    . Flesh out options_description array in src/or/config.c
-    . multiple sample torrc files
-    . figure out how to make nt service stuff work?
-      . Document it.
-    - Refactor tor man page to divide generally useful options from
-      less useful ones?
-    - Add a doxygen style checker to make check-spaces so nick doesn't drift
-       too far from arma's undocumented styleguide.  Also, document that
-       styleguide in HACKING.  (See r9634 for example.)
-       - exactly one space at beginning and at end of comments, except i
-         guess when there's line-length pressure.
-       - if we refer to a function name, put a () after it.
-       - only write <b>foo</b> when foo is an argument to this function.
-       - doxygen comments must always end in some form of punctuation.
-       - capitalize the first sentence in the doxygen comment, except
-         when you shouldn't.
-       - avoid spelling errors and incorrect comments. ;)
-
-  - Packaging
-    - The Debian package now uses --verify-config when (re)starting,
-      to distinguish configuration errors from other errors. Perhaps
-      the RPM and other startup scripts should too?
-    - add a "default.action" file to the tor/vidalia bundle so we can
-      fix the https thing in the default configuration:
-      http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#PrivoxyWeirdSSLPort
-
-  - Related tools
-    - Patch privoxy and socks protocol to pass strings to the browser.
-
-=======================================================================
-
-Documentation, non-version-specific.
-  - Specs
-    - Mark up spec; note unclear points about servers
-NR  - write a spec appendix for 'being nice with tor'
-    - Specify the keys and key rotation schedules and stuff
-  - Mention controller libs someplace.
-  - Remove need for HACKING file.
-  - document http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy on freebsd and osx
-P - figure out why x86_64 won't build rpms from tor.spec
-P - figure out spec files for bundles of vidalia-tor-polipo
-P - figure out polipo install scripts for bundles of vidalia-tor-polipo on osx, win32
-  - figure out selinux policy for tor
-P - change packaging system to more automated and specific for each
-     platform, suggested by Paul Wouter
-P - Setup repos for redhat and suse rpms & start signing the rpms the
-    way package management apps prefer
-
-Website:
-J  - tor-in-the-media page
-P  - Figure out licenses for website material.
-    (Phobos reccomends the Open Publication License with Option A at
-    http://opencontent.org/openpub/)
-P  - put the logo on the website, in source form, so people can put it on
-    stickers directly, etc.
-P  - put the source image for the stickers on the website, so people can
-    print their own
-P - figure out a license for the logos and docs we publish (trademark
-figures into this)
-    (Phobos reccomends the Open Publication License with Option A at
-    http://opencontent.org/openpub/)
-R - make a page with the hidden service diagrams.
-P  - ask Jan/Jens to be the translation coordinator? add to volunteer page.
-  - add a page for localizing all tor's components.
-  - It would be neat if we had a single place that described _all_ the
-    tor-related tools you can use, and what they give you, and how well they
-    work.  Right now, we don't give a lot of guidance wrt
-    torbutton/foxproxy/privoxy/polipo in any consistent place.
-P - create a 'blog badge' for tor fans to link to and feature on their
-    blogs. A sample can be found at http://interloper.org/tmp/tor/tor-button.png
-
-  - Tor mirrors
-    - make a mailing list with the mirror operators
-    - make an automated tool to check /project/trace/ at mirrors to
-      learn which ones are lagging behind.
-    - auto (or manually) cull the mirrors that are broken; and
-      contact their operator?
-    - a set of instructions for mirror operators to make their apaches
-      serve our charsets correctly, and bonus points for language
-      negotiation.
-    - figure out how to load-balance the downloads across mirrors?
-    - ponder how to get users to learn that they should google for
-      "tor mirrors" if the main site is blocked.
-    - find a mirror volunteer to coordinate all of this
-
-Blog todo:
-  - Link to the blog from the main Tor website
-



More information about the tor-commits mailing list