TODO                                                            -*- outline -*-
====


Most new TODO items are marked @todo in the source code and listed in
the Doxygen-generated documentation in doc/schroot/html/todo.html


PLANNED
-------

* Add API to run multiple commands to replace auth::run().

* Add permissions checking

Both to run-parts, to ensure that shell scripts are owned by root and
not world writable (as for config files).  And also add the same
permissions check to script-config files.

* Generalise permissions checking

Create a standard function which can use either stat, fstat or lstat
and test for particular permissions.


POTENTIAL
---------

* Add a SbuildChrootXen chroot type for Xen hosts.

  This will require setup scripts for e.g. hostname and network setup.
  It will require DHCP or static IP configuration and a dynamic
  hostname in order to connect.

* Use of passwd/group databases should be thread-safe

  - Use the _r variants of getpw*, getgr*.

* Add tests for

** Auth
** AuthConv
** AuthConvTty
** AuthMessage
** Session
** schroot::Options
** schroot_releaselock::Options

None of these are urgent and/or are difficult to test in an automated
fashion.  expect might be useful for testing the PAM wrappers.

* Add tests for dchroot and dchroot-dsa classes.

* Line reporting while parsing config files misses file name.

  log_warning() is used, because we don't throw an exception.  The
  code has no knowledge of the file name, so can't report it.
  Outright errors throw, and the handler adds the needed context.

