/TODO (0418946bd5fc97da80f0bbd2e918c657536c01e6) (190331 bytes) (mode 100644) (type blob)

== Always ==
[ ] Always make sure we link the docs from the Features page.
[ ] Upgrade rocketgit.com to the new version.
[ ] Announce internal users.

== After deploy on rocketgit.com ==
[ ] Resync nginx conf on rg2 (because ws builder?).
[ ] Activate rocketgit-git.socket.
[ ] Switch worker@com to websocket (on r1).
[ ] docker + VM image
[ ] old environments are present in the list! At least on dev1.
	Store the last update date (or the worker id) and do not show the
	old ones.
[ ] Check if SELinux module is inserted.
[ ] Announce RLUG
[ ] Announce LWN
[ ] Announce DevClass
[ ] Announce to build jobs users that it is now working.
[ ] Partner with Solo Keys?
[ ] Enable disabled environments.
[ ] We should not disable CentOS7. Only CentOS8! At least on r1 it is disabled!
[ ] 

== next release ==
[ ] Add in comparison where (country) they are hosted.
[ ] Anybody with a build can dirty pkg_subrepos? It should not happen.
[ ] 'is_resource' may not be correct for latest PHP.
[ ] When a new distro is added, the dotrepo is not built automatically!
	I think this is done at push time. This is true for "Fedora 36".
	Let's see what happens on Fedora 37.
[ ] We need a 'latest' for http://rocketgit.com/op/pkgrepo/main/global/testing
	/fedora/36/x86_64/os/rocketgit-global-testing-1.1-1.noarch.rpm
[ ] Prod: https://rocketgit.com/user/catalinux/rgfs/pkg
	"Major version: rawhide (0)"
[ ] Cannot delete jobs from https://rocketgit.com/op/settings/workers/queue
	Seems there is no support. build.inc.php must be changed to be in line
	with other files.
[ ] Seems the update of keys still happens with key_id as string, even from the code I apply intval().
	Probably I need to do correct binding of parameters.
	Seems I cannot set the type of parameters. Something is very strange there.
[ ] https://rocketgit.com/op/settings/workers/queue shows '@@x@@' output!
	env=rocky-8-x86_64
	url=ssh://rocketgit@ssh.rocketgit.com/user/catalinux/ninedogs
	head=0cf2be651bd2a2f93fe0af1c4bd56a11910791c5
	hook_id=4
	Machine started at @@status::vm_start_nice@@
	Clone took @@status::clone_elap_nice@@
	Script started at @@status::build_sh_start_nice@@
	@@status_packages@@
[ ] workers: instead of showing the hook_id, we should put a link to it!
[ ] When you delete an account, we must also clean the cache.
[ ] Seems we are not matching pushes by tag!
	Should we push in 'stable' branch?
	We should not build by tag AND by 'push commit'.
[ ] Seems that for Debian, a new VM is started for building the repo, which is not correct!
	See job 2009 (orig job_id 2007)!
	It is about .dev signing with global key.
	But, it seems nothing happens in 2009!
	Because +pending/2007 is missing, because those files were already processed.
	Should we put the "dirty" debs into another dir? Or we should not remove them
	when processing?
	I hope the pkg repo id 1 key is not provided in job 2007!

	So, the files are created in 1/1/debian/bullseye/main/source/+pending/2007
		I just have to be sure that the after build event does not process dirty
		repos.
	I will search the event to see what pkg repo ids I processed (events-20220316.log)!
		07:43:32.043         DEBUG: pkg_subrepo_id 2
		07:43:32.043         DEBUG: subrepo is marked dirty, skip this step
		So, I am doing this!

	It is possible job 2007 is cleaning also global +pending folders! I need to log the removing!
	I am also logging the deletion of folders, so I hope to see who deletes +pending for global!

	Solved! It was the thing that the build of deb failed because of an extra space in conffiles!

[ ] Set a bigger receive buffer on the virtio port to not lose messages?
[ ] 

== Next next release ==
[ ] Would be nice to see what webhooks will execute after a push.
	Maybe the events system can pass back some information to be shown to the user.
[ ] Clone by git (eg ninedogs) fails to checkout files.
[ ] I am showing this and I think the second message should not be sent anymore (hm, I think is not mine):
	RocketGit: Error: you have no IPs validated; run 'ssh rocketgit@ssh.rocketgit.com totp' for help
	fatal: Could not read from remote repository.
	Please make sure you have the correct access rights
	and the repository exists.
[ ] If build fails, we should not parse artifacts.
[ ] Artifacts: set ETag! Also for other downloadable content.
[ ] Allow artifacts to be generated only for some branch.
[ ] Link artifacts with the build job.
[ ] When generating links, '/' is doubled:
	https://rocketgit.com/user/catalinux/ninedogs/artifacts/list//docs
[ ] When I activate a new environment, maybe I should allow to rebuild all
	repos (already present in other repositories).
[ ] Allow user to control values from dotrepo file.
[ ] Order pkg repo distros by version DESC.
[ ] When looking for distinct user agent, do limit the search in the past?
	Now it takes around 30s.
[ ] SELinux Relabel only on install, not on update?
	Or do not relabel big directories?
[ ] We should not pack .gitignore files! At least on Debian.
[ ] On Debian, php-fpm is versioned! Use a helper to execute the best php-fpm!
[ ] On Debian, the user is www-data, not apache. [php-fpm conf]
	If I comment listen.acl_users, only www-data can connect, which is fine.
	What about fedora?
[ ] If we cannot build the deb package, we should not start a second job for
	signing global debs. Seems we have the test, but somehow it is not working.
	Seems we have the source built.
[ ] We may want to emulate the dpkg-sig command, to not start a new VM.
[ ] In general, if a user has access in an area, we do not list those areas.
	Example: pkg (sub)repo.
[ ] Reorder db columns to be 8 bytes aligned to save space.
[ ] When showing last events for a repo, add also the builds.
	Same for bug's note list. Maybe other places?
[ ] pkg: rpm: add a possibility to get latest version available for a dotrepo package.
	Now, in rgw, for example, we need to hardcode the version.
	If the user does not specify the version, get the latest.
[ ] Admin cannot edit/delete Global pkg repo.
[ ] Profile seems to not be sorted by time.
[ ] prof: do we need "db_conn" and "db_c_ms"?
[ ] test: gpg.php: does 3 selects from state table! Maybe cache is disabled?
[ ] Full distro_info is sent when a job is sent to worker!
[ ] When I exec commands, seems there is always a 'sleep(1)' there.
	Seen on VM stop, when making links to the image.
[ ] List also pkg repos where a user has access!
[ ] Show what wh will be run when pushing.
[ ] Allow a push (not commit) to control environment for wh.
[ ] Add a wh for "delete repo"?
[ ] Allow individual package files to be downloaded.
[ ] Add info for deb/rpm + debug packages.
[ ] Seems pushing tags does not trigger a build!
[ ] Cloning by 'git'/'https' seems to not work (at least force_bind project):
	warning: remote HEAD refers to nonexistent ref, unable to checkout.
[ ] Allow admins to set notifications (Matrix/Slack) for different operations.
[ ] Store rgfs traffic in job (maybe we need to charge it)?
[ ] Add cpu load/other stats per every block of output!
[ ] I am calling rg_env_info in several places, but I do not know if it is enabled or not.
[ ] On the main git repository page I should have a link to the pkg repo (if available).
[ ] User Packages page: tell the user that he needs to add a webhook.
	Can we do it with a simple button press?
[ ] For conn type 'pkgrepo', repo_id is not set, at least for a repo keyring download!
[ ] We need to warn the users to be conservative with the project name
	to be able to build packages for all distributions.
[ ] rpm: howto for installing debug packages for rpm.
[ ] Debian packages
	[ ] list.json may contain sensitive information.
	[ ] Probably I have to copy all fields from the control files.
	== later ==
	[ ] We can use also 'ssh://' for repositories!
	[ ] Move stuff from 'build_one' to 'build' if is better.
	[ ] .debc files may be generated before the copy per repo?
	[ ] Why I need InRelease.json? I can load InRelease directly!
	[ ] 'username'/'repo_id' files in '+pending' may be not needed - we have this info in the job.
	[ ] 'apt' sends 'HTTP_IF_MODIFIED_SINCE' - use it!
	[ ] Support diff files - one per day?
	[ ] I should create checksums in the VM, not on the server. Trust?
	[ ] Do look-up by hash? Any gain? [InRelease: Acquire-By-Hash: yes]
	[ ] ubuntu: we may need other command to install debug packages (.ddeb).
		What about source packages?
[ ] rgfs: we should not update meta on 'write' if was already stored.
	Now we are rewriting the meta! Maybe having a 'create' is enough. We ignore 'write'.
[ ] 

== hook update ==
15:57:16.484 3c908e Start a=rg_ssh_host=[ssh.rocketgit.com] rg_ssh_port=[22] rg_git_host=[git.rocketgit.com] rg_git_port=[9418] rg_version=[0.73-1] login_uid=[16353] login_url=[/user/binocuser] repo_id=[1238] ip=[84.39.112.106] namespace=[] repo_path=[/var/lib/rocketgit/repos/by_id/00/00/3F/E1/00003FE1/repos/by_id/1238.git] repo_name=[binoc-central] repo_uid=[16353] repo_clone_url_http=[https://rocketgit.com/user/binocuser/binoc-central] log_sid=[3c908e]
15:57:16.487 3c908e _SERVER: GIT_DIR=[.] GIT_EXEC_PATH=[/usr/libexec/git-core] HOME=[/home/rocketgit] PATH=[/usr/libexec/git-core:/usr/bin:/bin] PGAPPNAME=[rg-web-3c908e] PWD=[/usr/share/rocketgit/root] ROCKETGIT_HOST=[rocketgit.com] ROCKETGIT_IP=[84.39.112.106] ROCKETGIT_ITIME=[1602086232.0622] ROCKETGIT_LOGIN_UID=[16353] ROCKETGIT_LOGIN_URL=[/user/binocuser] ROCKETGIT_LOG_SID=[3c908e] ROCKETGIT_REPO_CLONE_URL=[https://rocketgit.com/user/binocuser/binoc-central] ROCKETGIT_REPO_ID=[1238] ROCKETGIT_REPO_NAME=[binoc-central] ROCKETGIT_REPO_PATH=[/var/lib/rocketgit/repos/by_id/00/00/3F/E1/00003FE1/repos/by_id/1238.git] ROCKETGIT_REPO_UID=[16353] ROCKETGIT_SHOW_INFO=[0] SHLVL=[0] USER=[rocketgit] _=[/usr/libexec/git-core/git-receive-pack] PHP_SELF=[hooks/update] SCRIPT_NAME=[hooks/update] SCRIPT_FILENAME=[hooks/update] PATH_TRANSLATED=[hooks/update] DOCUMENT_ROOT=[] REQUEST_TIME_FLOAT=[1602086236.409] REQUEST_TIME=[1602086236] argv=[0=[hooks/update] 1=[refs/namespaces/rg_a7b60b3a/refs/heads/RELEASE] 2=[c3c0daa5a0a3766f68e7fa6b6af051c9f3a0a2c7] 3=[0000000000000000000000000000000000000000]] argc=[4]
15:57:16.488 3c908e refname=refs/namespaces/rg_a7b60b3a/refs/heads/RELEASE old_rev=c3c0daa5a0a3766f68e7fa6b6af051c9f3a0a2c7 new_rev=0000000000000000000000000000000000000000
15:57:16.488 3c908e git_type: obj=c3c0daa5a0a3766f68e7fa6b6af051c9f3a0a2c7
15:57:16.488 3c908e   exec2 [git -c gc.auto=0 cat-file -t 'c3c0daa5a0a3766f68e7fa6b6af051c9f3a0a2c7']
15:57:17.491 3c908e new_rev_type=commit
15:57:17.507 3c908e Internal error: Unknown refname type provided [refs/namespaces/rg_a7b60b3a/refs/heads/RELEASE]
15:57:17.543 3c908e FATAL: Unknown refname type provided [refs/namespaces/rg_a7b60b3a/refs/heads/RELEASE]

== web ==
/usr/libexec/git-core/git-receive-pack --stateless-rpc '/var/lib/rocketgit/repos/by_id/00/00/3F/E1/00003FE1/repos/by_id/1238.git'

== post-receive ==
15:58:19.145 3c908e Start namespace= repo_path=/var/lib/rocketgit/repos/by_id/00/00/3F/E1/00003FE1/repos/by_id/1238.git
15:58:19.148 3c908e _SERVER: GIT_DIR=[.] GIT_EXEC_PATH=[/usr/libexec/git-core] GIT_PUSH_OPTION_COUNT=[0] HOME=[/home/rocketgit] PATH=[/usr/libexec/git-core:/usr/bin:/bin] PGAPPNAME=[rg-web-3c908e] PWD=[/usr/share/rocketgit/root] ROCKETGIT_HOST=[rocketgit.com] ROCKETGIT_IP=[84.39.112.106] ROCKETGIT_ITIME=[1602086232.0622] ROCKETGIT_LOGIN_UID=[16353] ROCKETGIT_LOGIN_URL=[/user/binocuser] ROCKETGIT_LOG_SID=[3c908e] ROCKETGIT_REPO_CLONE_URL=[https://rocketgit.com/user/binocuser/binoc-central] ROCKETGIT_REPO_ID=[1238] ROCKETGIT_REPO_NAME=[binoc-central] ROCKETGIT_REPO_PATH=[/var/lib/rocketgit/repos/by_id/00/00/3F/E1/00003FE1/repos/by_id/1238.git] ROCKETGIT_REPO_UID=[16353] ROCKETGIT_SHOW_INFO=[0] SHLVL=[0] USER=[rocketgit] _=[/usr/libexec/git-core/git-receive-pack] PHP_SELF=[hooks/post-receive] SCRIPT_NAME=[hooks/post-receive] SCRIPT_FILENAME=[hooks/post-receive] PATH_TRANSLATED=[hooks/post-receive] DOCUMENT_ROOT=[] REQUEST_TIME_FLOAT=[1602086299.0729] REQUEST_TIME=[1602086299] argv=[0=[hooks/post-receive]] argc=[1]
15:58:19.148 3c908e refname=refs/heads/RELEASE old_rev=c3c0daa5a0a3766f68e7fa6b6af051c9f3a0a2c7 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.148 3c908e refname=refs/heads/nav-shellservice-work old_rev=0000000000000000000000000000000000000000 new_rev=16344c5da3b5347ea2c73049614f5e08032d0917.
15:58:19.148 3c908e refname=refs/heads/origin/RELEASE old_rev=0000000000000000000000000000000000000000 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.148 3c908e refname=refs/heads/origin/TRUNK old_rev=0000000000000000000000000000000000000000 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.148 3c908e refname=refs/heads/upstream/HEAD old_rev=0000000000000000000000000000000000000000 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.148 3c908e refname=refs/heads/upstream/RELEASE old_rev=0000000000000000000000000000000000000000 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.148 3c908e refname=refs/heads/upstream/TRUNK old_rev=0000000000000000000000000000000000000000 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.148 3c908e refname=refs/heads/upstream/nav-shellservice-work old_rev=0000000000000000000000000000000000000000 new_rev=41e4c9cd1ec25fa66c7f7af137fd094e35d19646.
15:58:19.150 3c908e Profiling:                  time_ms runs    mem
15:58:19.150 3c908e del_tree                    2       11      0
15:58:19.150 3c908e post-receive                5       1       0
15:58:19.150 3c908e peak: 4.00 MiB

Seems we are cloning the namespace, before knowing if the user can push!

== FOR OTHER RELEASE ==
[ ] If rpmbuild breaks, seems we are not propagating the error!
[ ] In the .repo/.list files, add a comment on how to list what packages
	are installed from that repo.
[ ] Communicate the load of the workers (already done?) and choose a worker
	based on load?
[ ] Add also the number of the packages to pkg_repos table.
[ ] For http hooks, add a header to allow people to report abuses.
	Maybe directly a link which will lock the webhook and the
	user ability to add more webhooks?
[ ] Build jobs must not be retried if the fail is in user area.
[ ] job 1756: "Cannot execute"
[ ] An internal error occurred. Please try again later. @@if("@@errmsg@@" != ""){{Details: @@errmsg@@}} 
[ ] On rocketgit.com, I had to do a index on repo_history.
	There are indexes on repo_history_yyyy_mm, but not on the parent table, which has a lot of data!
	I need to move that data!
	Also, re-investigate CHECK to not search all partitions. We have CHECK!
	Or, do incremental searches: if we already have 20 entries in the last repo_history_yyyy_mm,
	do not search anymore. Also, a seq scan is used when the index is ok.
[ ] We should count also rate limit violations.
[ ] We may want to do ratelimit based on how much time a service was used, not by count!
	Or, do by both!
[ ] pkg repo: should I show global ones in the user page?! I think not!
[ ] 'git push --set-upstream origin main' must be added to hints.
	I need to see what variable to use for branch.
[ ] webhook: allow trigger by time.
[ ] Add possibility to "clean" the secrets, for some steps when we do not really trust?
[ ] perf: We should prepare the limit after we send the content to the user,
	to not do a query before rendering any content.
[ ] When showing referer, show also the destination page.
[ ] Validate against UTF-8 what is passed by the client and reject anything which is not ok.
[ ] repo page: add a link to the builds.
[ ] worker: allow any kind of package installation if the worker is of user type.
[ ] Seems we install dependencies from spec file twice!
[ ] worker: should I tunnel rgfs over the worker connection?
[ ] worker: stats - send also the number of bytes sent/received with builder
	and git clone?
[ ] At push time, I can see if any webhook will match and I can list them!
[ ] Should we 'cut' root access for user workers? Same for net access.
[ ] Validate that URL is UTF-8.
[ ] worker: prevent http:// installation of packages.
[ ] SELinux: upgrade: I think I remove the module after the installation of
	the new one!
[ ] We may want to not log at all the first line when a bot connects and the load is big.
[ ] dnf install:
	Error in POSTIN scriptlet in rpm package catab+rocketgit
	Running scriptlet: rocketgit-0.73-1.noarch 2/2
	Glob pattern passed to enable, but globs are not supported for this.
	Invalid unit name "rocketgit-worker@*.service" escaped as "rocketgit-worker@\x2a.service".
[ ] Maybe I should not restore whole repo dir! Takes too much!
[ ] Use SELinux booleans to restrict more the VM env.
[ ] Convert builder and worker to systemd services (sockets).
[ ] webhook: allow user to select pkg repos which should be enabled.
	Pay attention to use only the global ones!
	Maybe use different repos for different packages.
[ ] Allow global repositories browsing.
[ ] If we detect same version, we should increment build number.
	How we detect that version was already built?
	Store it somehow, or check in rgfs?
[ ] We need to distinguish between build fatal errors and non-fatal.
[ ] What happens if the worker is not running? Do we lose 'rgw' messages?
	We should buffer them.
[ ] Describe how to remove RocketGit repositories.
[ ] Explain why we have USERNAME+PROJECT packages names also in private repos.
[ ] pkg_subrepo:distro_info should be exposed on web.
[ ] Add a "Test!" button for webhooks!
[ ] When I list user repositories, I have "Repo: global - public" under "Type: User"
	which seems wrong!
[ ] Add to "Corporate friendly": a link to a frustrations page about current software.
[ ] We can enforce per user the ssh sk security?
[ ] Have a repo a mirror of an official one, in a branch add custom changes,
	auto pull and build packages.
[ ] Promise to never release version 2.0 - to avoid setbacks for upgrades.
[ ] builder: Should we add '.' to PATH. If I put 'configure' it will not be
	executed, I have to put './configure'.
[ ] Offer RGFS for all user content.
[ ] "Me" and "My repositories" pages seems to do the same thing!
[ ] Is the regular expression pkg repo mapping checked?
[ ] 'repo map' is not used anymore, right?
[ ] pkg_repos: add stats for users.
[ ] When showing pkg repos, show the number of packages and size.
[ ] pkg_repos: 'Type: global' can be removed if we show only the global repos.
[ ] Tutorials: it is not centered. If I try to set 'margin: auto' on
	'demo_container', the title is also centered.
[ ] pkg_repos: I have demos/TODO where I think we can generate rpms from
	Python. Integrate it.
[ ] Move "Packages" settings to 'Admin' section. Now is Settings (of Admin).
	Why? Because we are talking about global repos.
	What about the user? I need to think more, but seems OK how it is now.
[ ] Settings -> Workers -> List
	When browser loses focus, the space between the table and
	the button becomes grey. If I focus the windows, it switches to another
	gray.
[ ] hints: must "stick" to the bottom part of the div.
[ ] We should not allow any uid to edit pkg subrepos! Check also pkg repos.
	Add test.
[ ] pkg_repo: hint: dnf repository-packages <repo_name> list
	(list all packages of a repo)
[ ] For dotrepo, we may want to add 'Group: System Environment/Base'.
[ ] How much is the rpm key expiration?
[ ] pkg: when I am installing a repo, it asks me to confirm the key! Is it normal? Yes.
[ ] 'user_http_git' should not appear in logs if is not the case.
[ ] Add (http_)error_code to 'conns' table.
[ ] We should warn the user when creates a public repo but a private repo?
[ ] worker: we prefix packages with 'job_username' which is incorrect!
	It should be repo_username! Still true?
[ ] pkg: Teach user how to download debug packages and source packages.
[ ] rgfs configuration is hardcoded! We need an entry in Admin's 'Settings'.
	By default should be the https host and port.
[ ] Add to pkg meta, when createrepo took place. Worker?
[ ] We show how to install the package. We need to show all details, as in
	'Details about all versions', including download button!
[ ] pkg: add a test for rights.
[ ] Using only @@ESCAPE_SHELL_ARG@@ can have security issues (without HTML_SPECIAL:)?
[ ] Add a hint explaining why we have a 'Download' button in the packages page
	for a private repo, instead of a "dnf link" like on a pub repo.
[ ] When creating public repos, do the pkg repo mapping to global.
	I think that without more info about the branching strategy, we cannot do it.
	We may consider it as unstable.
	For private ones, do not.
[ ] When we enable an architecture, should we trigger a rebuild of the dotrepo packages?
	Maybe we should just wait for the first package.
	But, I think the dotrepo is still not built.
	Maybe we should add an event to check that.
[ ] We may need to replace more instances of URL_ENCODE with HTML_SPECIAL.
[ ] When we call rg_pkg_event_generate_dotrepo_rpm, what about the old files
	(using old name of the pkg_repo)?
[ ] If build job return error, do not update distro_info!
	Seems I do not signal if the subtasks finish with success.
[ ] In 'pkg_subrepo_event_regenerate' we have a time race: we do the build and we schedule the
	'generate_dotrepo'. 'generate_dotrepo' may happen first.
	We should do it on a callback?
[ ] Use-case ci3: no user repo, only mapping to global.
[ ] When a pkg (sub)repo name changes, we need to remove old files.
	Maybe we should not allow renaming? Hm.
[ ] Trigger a single build for global repos, not for every subrepo, like it is now.
[ ] The match in 'meta' should be done by repo_id and not by strcmp.
[ ] 'howto' may be stored in distro_info, next to 'pkg_type'?
[ ] Why do I have things in 'pkg_repos/1/1/fedora/34/x86_64/os/+pending/catab'?
[ ] repo pkg: hash password?
[ ] Do we need escaping for the link to the repo package?
[ ] head_link is not encoded properly (/ -> %2f)!
[ ] rocketgit-*-*-ver.noarch.rpm should NOT be associated with a repo_id!
	And should not be stored in meta. Or in a separate meta.
	How to distinguish between them? Different folder? Yes, 'dotrepo'!
[ ] BETWEEN PKG REPO AND PKG SUBREPO THERE IS '-', NO '+'. I think is solved.
[ ] Can I send 404 when a resource does not exist and still render the current page?
[ ] Add a configurable timeout to rgfs connection.
[ ] I can try to install rpms in a chroot.
[ ] Should we add a link to "Settings" submenu in the "page" page.
	See for example having a settings link for "Packages" page.
[ ] Allow API calls over websocket connection.
[ ] /user/USER/REPO/pkg: show different the 'pending' packages?
[ ] We need to build ETag based on RG version and utime (at least).
[ ] artifacts: we should use etag and compression!
	Probably we need to redo a lot of stuff in that area.
[ ] Notify users (with build hooks) when a new build environment is added.
[ ] Allow users to add/remove extra repositories hosted on rocketgit.
	What about packages which run the scripts as root?
	Maybe by not running the installation scripts at all?
[ ] Add hints about 'nlink' in pkg and artifacts pages.
[ ] Show on the repo page to which repo(s) it is mapped.
[ ] communicate the name of the app to the cache daemon and use that name.
[ ] race: when inserting into partition tables, we need to use 'itime'
	not 'now'.
[ ] pkg: we should try do identify the .spec file AFTER 'configure' run.
	Think about projects which generate the .spec file (mine included).
[ ] pkg: we should document that .spec dependencies will be extracted
	from that file and there is no need to specify them in the hook.
[ ] worker: do not build rgfs if is not needed!
[ ] If no mappings are added, shouldn't we add the global ones by default?
[ ] Switch for rg_distros to a table (distro,major,arch) to be able to store if
	a dotrepo exists? No, because this info is per subrepo!
	Do not forget that dotrepo is for rpms only!
	There is some value to allow a user to restrict the (sub)repo
		to a subset of distros?
	We can do it also in the json.
	What about a user repo? I think this is triggered by an event. Check.
	We should trigger also for the global repos, to always have them.
	Where should I trigger and what function?
	There are two orthogonal things: distro-major-arch and pkg_subrepos.
		When we enable a distro-major-arch, we need to trigger the build of dotrepo, only for global.
			We should not trigger for all user pkg repos - are too many.
		When we add a pkg_repo, we need to trigger dotrepo for all distro-major-arch.
			Can't we wait till the first package is built?
	WHERE IS THE IMPACT? Where do we show the list of dotrepo links?
		Per repo ("Packages" menu). Maybe it would be wise to filter there first the list
			based on info whether a package is present in that repo?
		Seems it is the only page where I do this, so, no need for now
		to build dotrepo if we do not have at least one package.
		If we will have a dotrepo page where we list all global repos,
		we can still check if we have a dotrepo for that repo.
		I think I should not worry about this now.
		Let's filter the dotrepo page first, and then we will see from there.
[ ] distros: should a user restrict more what distros should be active?
	Per user/repo?	I think this is already done from webhook.
[ ] rights: we should test if at least one right is granted before allowing
	access to grants tables? Do we need a "See rights" right?
	Where is this needed?!
[ ] rights
	What about 'A' (Admin) rights for a repo? It includes Grant/Revoke?
[ ] 'distros' -> 'envs'?
[ ] Add triggered_by to events for debug/status info.
[ ] Allow admin to set how many time must pass (after confirmation of e-mail)
	before allowing users to execute expensive stuff (webhooks).
[ ] Allow API call over Websocket.
[ ] Allow independent debug settings. For example for worker/builder.
[ ] Add an option to trust X-Forwarded-For.
	What about multiple headers?
[ ] Allow user to delete packages. Policy?
[ ] In /user/catab/ci1/pkg, should we allow download of old versions?
[ ] pkg: add test for a user which access granted to a repo if it can access
	the repo pkg page.
[ ] pkg: what happens if a repo is switched from public to private and the reverse?
[ ] What to do with private repos mapping to global repo?
	Can happen?
[ ] Granting/revoking rights should notify the user involved.
[ ] artifacts: docs: 'see' page: add a screenshot with the artifacts page.
[ ] environments
	The problem: we filter the environment when a worker connects
	to the builder. But we want to allow custom environments
	defined by the user. How to achieve that?
	Maybe we should start investigating what happens when a
	worker connects.
	Probably we need a separate table to keep this information.
	And obsolete environments after a while and when the same worker
	does not provide it anymore.
	Then, we need to migrate from the 'state' to this table.
[ ] Allow artifacts to be stored in S3. Should be easy.
[ ] "Me" page: show the date of the last push.
[ ] hint: pkg: how to list packages installed from rocketgit.
[ ] I need to report top 20 from the 'elap' time pov.
[ ] We can stream the build process by ssh to a waiting user, now that we have the channel...
[ ] We have graphics for worker. It would be nice to show also the start/end
	of the jobs, including the id.
[ ] Add in Admin report how many e-mails are confirmed.
[ ] build_jobs: add another column with the type of build? 'vm', 'docker' etc.?
[ ] More changes from 'master' to 'main'.
[ ] Audit log for granting/revoking rights?
[ ] rights: repo: be very clear what "Access repo" means!
[ ] events: seems I am starting a transaction and then calling curl!
	And I am doing an UPDATE right before ROLLBACK! Stupid!
[ ] DELETE from events, should be in the same transaction, right? Seems it is not!
[ ] Invalidate e-mail confirmation if user changes the e-mail.
[ ] Transform all 'ui_*' passed as parameters to use rg_ui_* inside.
[ ] rg_user_rename seems to not be used!
[ ] 'mail/user/rename' is used but is missing.
[ ] Try to move the call to rg_ip into the called functions.
[ ] We may get ui_login in stats_insert from rg_ui_login, and not passed.
[ ] When connecting by ssh, show also the name of the key (not yet added),
	not only the id.
[ ] Allow users to upload/generate GPG keys and sign the artifacts/other
	things.
[ ] Add possibility to reject pushes with non-signed commits.
[ ] Add a feature to copy rights from a user to another.
[ ] Send in daily report the size of the tables/indexes.
[ ] rights: Maybe we should not show "All" when all (current) rights
	are granted?
[ ] http: allow a user to download/upload a certificate, so http can act
	as ssh regarding authentication?
[ ] conn: should we also store the http code or the command exit code?
[ ] pkg: allow user to manually remove packages.
[ ] pkg: allow a user to subscribe to an external pkg repo and manually approve
	the flowing of the packages into his.
[ ] pkg: we need to store how many bytes were sent to the client for accounting purposes.
[ ] rpmdeb.com: 15$ for 5GiB storage + 15GiB transfer, 50$ 20+70, 100$ 50+150, 300$ 150+500.
[ ] pkg: when showing the head, show also the commit message?
[ ] Somehow give access to private repositories to other users.
	Notify them when they got access.
[ ] build: how to remove old environments? Add a button for admin to delete
	it and mark it as deleted to not show up in the list, even if a
	worker is still using it?
[ ] fido2: a user/org/admin must be able to disable 'no touch' or 'no pin' keys.
	By not setting "no-touch" or by setting "verify-required".
[ ] ssh: admin must be able to disable completely !fido2 keys.
[ ] Make sk options dependent on ssh version? How to get it? Env?
[ ] keys: add hint about resident keys.
[ ] When fetching/pushing it would be nice to show by what protocol and with what key/user/ip etc.
[ ] fido2: admin may enforce attestation. User must use 'write-attestation'
	option and upload the content.
[ ] totp: show how much time the connection is still active.
[ ] Find a solution to prevent mining without requiring a credit card as GitLab.
[ ] Document '-O no-touch-required' and '-O verify-required'.
[ ] Pushing ci1 should map to priv1/stab (25/9). It builds rpms but the repo is not shown.
	Probably because is private. Check logs.
[ ] conn: split bytes into in/out.
[ ] Get rid of $rg_distros, rg_distros_enabled and rg_distros_enable.
	I think is more "use enabled distros" instead of "removing $rg_distros".
	Where are they used?
	rg_state_get returns all envs, including the disabled ones.
[ ] Store also the number of bytes delivered in 'conns'. It will be used
	for charging. Done. Graphics are ok because of the -1?
[ ] Pay attention to history (switching from public to private) when recording
	bandwidth and other stuff.
[ ] feature: auto-update container images.
[ ] containers: scan for security.
[ ] Autodetect that AuthorizedKeysCommand is in place (ssh was restarted)
	and switch automatically, without Admin configuration.
[ ] Add worker_id to meta to be able to add a link to it in pkg page?
[ ] Add possibility to export shell variables for API by ssh.
[ ] build_jobs: We must switch from 'rgw' to the real branch name when we clone a repo.
[ ] How do we give rights for a private repo?
	Maybe when a user downloads the private pkg repo to already have an
	api key inside?
[ ] From time to time send an e-mail just to see that the e-mail is still active?
[ ] When we delete a worker, we should schedule the deletion of stats for it. Any other info?
[ ] Allow user to receive notifications by e-mail about the build.
[ ] Compare: "Usable on slow links".
[ ] Allow a regex for selecting the distro in the webhooks.
[ ] Allow users to call rg_notify with a channel name, defined in webhooks (streaming build log).
[ ] When rg_notify says DONE, just destroy the VM - do not wait for shutdown!
[ ] When pushing, show the user if the job will trigger some pipelines!
[ ] Show what workers are available per distro (in Admin section)?
[ ] pkg-repo - show how many downloads...
	Show how many downloads of the dotrepo file. I could look into stats (maybe build them by cron)
	or increment at every download.
[ ] We should deal with PostgreSQL restart.
	If we are not in a transaction, just repeat the operation.
	If we are in a transaction, probably we will have to redo all queries, from the beginning.
		This may need some thinking, but I think it is doable.
[ ] Why do I need 'rg_distros'?
	- I have to know for what distros to build packages.
	- I have to show this list when a user selects the environment for builder.
	Problems:
	- We restrict a strange distro exported by a user worker.
	Solutions:
	- Keep a list per user? And join it with the global one?
	But, without information about rpm/deb type, I cannot use it anyway.
	Us, not, but the user may deal with that.
	So, probably how it is now it is ok. I have to test.
[ ] I need to figure a way to trigger the recomputing of (sub)repo disk_used_mb.
	Somehow, I may need to instruct rg_wh_build_job_done to add another event.
	I also need to add 'pkg_repo_mb' field to 'users' table and populate it.
[ ] rgfs must stop at first error.
[ ] Report disk size and the number of files for pkg repo.
[ ] wh: Add a header when doing the request and test it in index.php.
	If it is present, it is clear that the request is local and drop it!
	This is to not test for a special id.
[ ] Put "chage" back!
[ ] events: if a prio X event fails, and another one with prio X + n follows,
	but depends on the one with prio X, we have a problem. We should
	not allow the event to continue. Some dependency enforcing.
[ ] pkg: We should not trigger the rebuild if important info did not change.
[ ] pkg repo: How do I show the list of pkg repos for a git repo?
	- Global repo should be visible in all pkg repo lists? Probably not. Hm.
		How will the users discover the Global repo? Put it in the footer?
	In Settings/Packages/Repositories:
		- We need instructions to install the repo (links to different
		distros).
	We should check all distro repos if there is a folder with the same name
	as the username and look at the metadata.
	We should just signal if a package is available and link to the
	'install repo' page. We should list all available distros?
[ ] Populate 'distro' state variable in 'Admin' section and by the workers.
[ ] repo_history is not indexed by anything. And, why we need the uid there?!
	It is indexed by itime. Should it be also by repo_id?
[ ] I hope worker does not connect to the database!
	We do not want a compromised worker to be able to dump the db!
[ ] builder: signal if the user wants to reuse the old image. Charge for keeping it!
[ ] 

[ ] packages:
	- Switch to events to delete repos/subrepos/mappings.
		Why? Because we also need to clean the files stored in fs.
	- Default mapping should be in Global/testing?
	- We need to re-trigger the rebuilding of the pkg sub-repos when we update pkg repo.
	Why? Because of the name changed?
	- I need to separate the two steps: the building and the repo re-building.
		The build should only trigger the rebuild of the repos.
		But, we have the machine started, we could also do the repo re-build.
		They will be completely different steps. Because a user can install
		from rocketgit pkg repo, and the user can execute things as root.
		We should allow random repository installation.
	- Allow a comment in the commit message to generate some tagging of the
	packages to be seen as a CVE/security/sec-severity etc.
	- Seems I do not respect the uid of the pusher when we build pkg repo stuff.
	When I show the pkg repos for a user, I need to take pkg_map into consideration! Also, the existing pkg files (from rgfs).
	I think that by rgfs is ok because pkg_map was already taken into consideration.
	Also, should we filter by distribution?
	- Building global repos must never be sent to an untrusted worker for
	security issues (leaking rgfs_key).
	- We still need to validate the path in rgfs.

[ ] worker: if machine does not start in an amount of time, we should destroy
	it and try again. After some tries, abort and inform the admin.
[ ] wh: list last build? Only the repo name? status? more entries?
[ ] pkg repo: are UTF-8 working in package names?
[ ] Rate-limit: we can offer a "try after x seconds" header.
[ ] Create a docker repository, add Clair for scanning.
[ ] artifacts: https://fedoramagazine.org/latex-typesetting-part-3-formatting/
[ ] rg_tmp_path - clean old entries.
[ ] Artifacts should not be stored in branch name folder (example 'master')
	but in the hash folder! Right?
[ ] Allow rate-limiting of the outgoing mails.
[ ] events: instead of returning FALSE, return an array which can signal the postponing of the task.
	For example, we may not have the gpg key ready when a repo rebuild is triggered.
	Also, we may signal that we should not retry a task.
[ ] css: parent: "display-flex: flex-flow: columns", childs: "flex-grow: 1" or "flex-shrink: 0"
	Pay attention on settings / Login tokens: we have hints as main content!
[ ] "prio" in different areas, is not clear which are first (bigger or smaller).
	Correct: bigger = last checked.
[ ] css: Merge 'form_error' and 'mess error' divs.
[ ] Size occupied by repos.
[ ] Generate event for repo add? Maybe to add gpg key?
	Or generate key at first use?
	In user history we should mark the adding of the pkg repo.
[ ] Update session only after the page is sent to the client.
[ ] stats: add a functional test for bots.
[ ] stats: show type of the requests with different colors.
[ ] Add a possibility to mark a repository as "disabled by admin".
[ ] Add a possibility to prevent others to publish the same git tree.
	We can just mark that repo as "special" and we block others to publish
	the same repository. We need to define "same": some hash chains
	or some hash for some files.
[ ] when we build, we ignore that we may have already done that build, for the same treeish id.
	Think fast-forwards in 'releases' branches. We should reuse them.
[ ] wh: we should fail the build if we cannot generate packages.
[ ] If build fails, the rocketgit-j-jobid remains. Should be deleted?
[ ] wh: seems I index everything with $jid, but I do not take the environment
	in consideration!
[ ] db: when we get an error in connecting, do not complain immediately.
	Try again.
[ ] report1: what users logged in yesterday.
[ ] wh: when using a regex, show what repos/branches are matching?
[ ] wh: show what projects are covered by every webhook.
[ ] rpm: ok, we have the .src.rpm. We need to build locally the .rpm
	and create the repo.
[ ] artifacts: even if we have a single rpm file specified, we need to deal
	with it. Seems that now we only deal with directories.
[ ] artifacts: seems we ignore 'map' if it does not end in '/', but we should
	not!
[ ] rg_state_get must test for error!
[ ] css: flex + space-between must go! <p> has a margin-top.
[ ] We need to move key update usage after the operation, to get better speed.
[ ] Trim init/push hints if the repo is not empty?
[ ] When initing a repo, and main_branch is not 'master',
	delete it and create the correct one.
[ ] ssh authorize - add another option: autodetect.
[ ] I need to investigate how to pass gc.auto=0 to git-shell.
[ ] artifacts: add a link to the job which generated the files?
	Maybe also to the hook?
[ ] Workers -> All jobs -> 306 -> Commands details ->
	Elapsed time = 13y8m20h44m44s!
[ ] We do not show on what private repos a user has access.
[ ] Write in documentation about artifacts map_into_source.
[ ] artifacts: what happens if 'local_file_path' is a dir and 'regex' is not present?
	All files should be added.
[ ] artifacts: what happens if 'local_file_path' is a directory but the 'map' is not?
[ ] See https://www.python.org/dev/peps/pep-0503/ to implement a Python repository.
[ ] wh: to be able to use the same webhook for all projects, allow @@var@@
	in commands and export variables?
[ ] artifacts: remove and expiration support.
[ ] "Please login first" message must go. We need to redirect to the login page.
[ ] https://phpqa.io/ (PHP Quality Assurance)
[ ] doc: Secrets to Webhook tutorial.
[ ] builder: under lock, build a source -> artifacts table to ease the lookup.
[ ] artifacts: document './' and dirs which must end in '/'.
[ ] worker: any problems with the artifacts must be reported.
[ ] Changing e-mail should ask for the password.
[ ] worker: we should not exit if we cannot connect to builder:
	jobs must go on...
[ ] json_encode: it may be possible some fields to not be UTF-8 and it will
	give errors. Check all cases. For example: artifacts: path.
[ ] builder: do not send jobs if load is bigger than a value.
[ ] builder: we can do 'augmented artifacts' also for hashes (Source/Log).
[ ] webhooks: Not clear if the build succeeded or not.
	Also, not clear what hash/user/etc. was pushed
[ ] artifacts: augment main repo sources with the artifacts, based on information
	from mapping file. Add a mapping where to show these artifacts. Cool!
	I can add artifacts also in the 'Log' page, next to the commit.
	Add hash to the meta info for artifacts, to be able to map them in 'Source'/'Log'.
[ ] worker: cache last image to not re-download/build everything from the start.
[ ] Secrets: Allow secrets also per user/group and allow them to be lent
	to the projects.
[ ] Send an alarm to admin if disk space is low? Other cases?
[ ] artifacts: allow folder download.
[ ] artifacts: allow them to be used on wiki.
[ ] rg_conn_*: when we shutdown a connection, we should not send anymore!
[ ] report1: show elap for all type of objects.
[ ] worker: after worker restart, the jobs are not reloaded from fs.
[ ] Temporary artifacts seems to not be cleaned!
[ ] Allow hooks to be defined directly in the repository.
[ ] webhooks: Allow users to specify a timeout per command.
[ ] There are other tables with last_ip which is not populated at login.
[ ] When adding a build webhook, "Create repository" trigger event does
	not make sense.
[ ] Remove all " size=\"" stuff, now that we stretch the content.
[ ] https://www.w3schools.com/Css/tryit.asp?filename=trycss_table_responsive
	to have a horizontal scrollbar for wide tables?
[ ] artifacts: flag to prevent recursion?
[ ] packages: scan .spec file and debian folder to figure out what packages to
	install.
[ ] Use rg_url_segments on source/tree. Get rid of  / -> ,!
[ ] Somehow, I need to log (conns) also the artifacts downloads.
[ ] When we download a file, we may want to instruct nginx to not compress
	the content.
[ ] When we define rights, how can we distinguish between a logged in user
	and one that is not logged in?
	We want to allow bug adding only to logged in users (and maybe
	confirmed?).
[ ] Report: show biggest (public) repositories with their sizes.
[ ] When I request confirmation for account creation, how a user can resend the
	e-mail? Should I do it once per week from cron?
[ ] Artifacts: add "watch" feature.
[ ] Artifacts: add rights.
[ ] SELinux module seems to not be updated.
[ ] SELinux: pp file from rocketgit built for Fedora 31 refuses to load on
	Fedora 31: seems policy version 20 is not supported! Very strange!
[ ] Get rid of master and slave terms.
[ ] repo stats: make different graphics for public and private repos.
[ ] Do I add in repo history if a repo was switched from public to private
	or the reverse?
[ ] Add also first_ip to 'users' table (= from where the account was created).
[ ] Maybe stop accepting creating accounts from IPs where nothing was confirmed?
	Because of Tor, this is useless.
[ ] When doing INSERTs, we check first with a SELECT. We should just do the
	INSERT and deal with the error. Else, a time race may occur.
	And is faster.
[ ] Statistics are for only one machine. We need to store also some id of the
	machine reporting the load (see rg_stats_insert)!
[ ] @@if - if it is the only thing on a line, remove \n, else, do not.
[ ] Document worker proxy-tls connection type and nginx sample (check cloud.conf).
[ ] Add admin Settings entries for parts_clean_table_* and for how much to keep
	the logs.
[ ] Add network statistics. Not clear how to obtain them easily.
[ ] Discover: should we have the 'Public' column?
[ ] stats: send monthly/weekly/daily stats for the users
	(how many visits/clones etc.).
[ ] Stats: number of confirmed users.
[ ] Func test for mail confirmation.
[ ] Persistent messages on all pages announcing something.
	I could swear I already implemented this!
[ ] https://rocketgit.com/user/catalinux/rocketgit/mr/2
	It says we can merge it but I am pretty sure we cannot!
[ ] Workers: we should tell the user if a worker is connected or not when
	loading the "List" page.
[ ] When changing the e-mail address we must invalidate/resend the confirmation.
[ ] Should I use ak_update_use or 'conns' will be enough?
	In 'conns' I do not store the id of the key, for example.
[ ] Add the number of bytes in/out in 'conns' table, also because of charging
	for private repos (packages download).
[ ] wh: allow saving artifacts to samba/nfs/ceph/webdav etc.
[ ] wh: allow to simulate another project push (call again all train
	of hooks for another project). Think about 2 dependent programs.
[ ] wh: time based triggers.
[ ] wh: API based triggers.
[ ] C security scanner: flawfinder
[ ] wh: we need a tag for URL to the application to complement ##commit_url##.
[ ] wh: ##tag## - add one for the site URL. ##site##?
[ ] 2fa: warn user when she/he is short on scratch codes.
[ ] Add a statistic also for the number of e-mails sent.
[ ] Warn if a 2fa validated IP is about to expire.
[ ] Session to contain when it was created and a logout will invalidate
	all session before the logout timestamp.
[ ] wh: Store curl_getinfo data into stats
[ ] wh: retry in case of (http) failures?
[ ] worker: Rate limit net traffic (configurable) (libvirt).
[ ] Sort the list of the files in 'Tree': dirs first.
[ ] exec2: we should be notified if the last cb_input take place to flush the
	buffer. See the download of a file (as base64).
[ ] Somehow, validate e-mail addresses at register or later in background.
[ ] wh: build: show time in queue.
[ ] wh: Add (and sort by) prio for webhooks?
[ ] "Please login first" error: shouldn't we just redirect to login page?
[ ] worker: remind users that the worker is not functional if it never
	connected? In a daily status mail?
[ ] wh: we should associate somehow the webhooks with repos, so, anybody
	who push can trigger it. Of course, the owner decides if it is
	triggered for other users. Then, add ##who## tag.
[ ] wh: notifications for merge request.
[ ] Unify wh and worker history.
[ ] worker: functional tests for cloning.
[ ] worker: allow user to forbid global workers.
[ ] worker: trigger for push: trigger a git mirror to other (specified) repo(s)
[ ] worker: Let the user choose how to clone a repo (ssh/https/git).
[ ] worker: Make error2 visible in the interface.
[ ] worker: test what happens if the worker process restarts. We should be able
	to survive.
[ ] workers+webhooks: seems there is a mess showing the last status.
	We should unify the status. update_last_output must go away; we
	need to keep the serialized data and generate it when needed.
[ ] workers: Do not show the 'user' column if I am looking at that table
	as a normal user (all of the rows are mine).
[ ] wh: seems an old env list is kept when we edit the hook. It should not.
[ ] workers: use transactions for rg_worker_update and rg_worker_insert.
[ ] worker: some stuff is stored in 'root/status', others in 'root'.
	Store everything in 'root/status'?
[ ] worker: hook_id must link to the webhook.
[ ] We do a namespace copy (copy_tree) before calling 'repo_fetch_push_helper',
	Then we may return 401, so the copy is useless!
[ ] worker: have a flag which allows internet access?
	Better to let the owner provide a template which may have or
	may not have Internet access. Think about private networks! Yes, better
	with template.
[ ] docker: ssh and git clone URLs are using docker hostname which probably
	is not working. Use some environment variables?
	Or disable them if admin did not set the correct URL?
	Or use the IP address?
	Search for php_uname?
[ ] Seems I have to move some stuff from 'update' hook to 'post-receive'
	because in 'update' we are not sure if update was really made.
	Take care of anonymous push.
[ ] Use users.last_seen to detect an active user.
	It is updated by a fetch by ssh, for example?
[ ] Add command to build_jobs.status to be displayed nicely on web.
[ ] Error handling for helpers called from rg_exec (is a mess).
[ ] rg_admin_email(s) should be extracted from database[users][admin][email]/state.
[ ] Investigate nginx 'gzip_vary on;'.
[ ] Logout token prohibits a 304 HTTP code! Bad!
	Why the logout token is regenerated?! Probably because the cache daemon
	is restarted!
[ ] user_login_by_user_pass_helper: when splitting login_token, verify to have
	only digits, else, just abort.
[ ] Investigate --push-option for git-push: we may instruct the server to do
	stuff. Seems the only way is to store receive.advertisePushOptions=true
	in ${HOME}/.gitconfig. Probably other options (including custom ones)
	may be added there. Build something generic.
	Then, activate it for tests.
[ ] Should I add the event string to table 'events'? Maybe we want to filter
	by it in the future? Or make graphs?
[ ] stats: add a graph with the events queue (not processed yet events)?
[ ] In nginx we can set 'fastcgi_param WEB_ssl_session_id $ssl_session_id;'.
	Can we use this for session identification?
	https://nginx.org/en/docs/http/ngx_http_ssl_module.html
[ ] Check notes_body class if it really needs width: 100%!
[ ] rg_cache_get returns FALSE on error but also if the key is not found.
	We should distinguish the two cases. Really?
[ ] Build a php file with all the templates, to be in RAM?
[ ] Report the number of user confirmations.
[ ] Captcha
[ ] If a repo has no activity (bugs, pushes, merge requests), do not show it
	in the Discovery page.
[ ] "IanKelling" (LWN) complained about gravatar (send browsing info to
	gravatar). Should we make this optional? Allow user to upload a picture?
[ ] Sometimes, we set the cache repo_path with empty string. We should not.
[ ] totp + git:// - functional testing.
[ ] We need to suggest setting 'ssh.variant=ssh' if port is not standard.
[ ] nginx passes HTTP_USER_AGENT=git/2.24.1, use it for statistics.
[ ] Add sourcehut.org in comparison.
[ ] exec2: from time to time log the number of bytes sent/received?
[ ] Add possibility to mirror a rocketgit instance into another.
	Maybe at user level? Something like: mirror all repos (including bug
	reports etc.).
	Some users may want to use a local instance, but mirror it in the
	official rocketgit.com site, for backup purposes.
	Should we mirror stuff back?
[ ] wh: are available for all users? Should we configure this?
	Think about a user which has push rights but is not the owner of the project.
[ ] push/etc: show what IPs are validated with TOTP?
[ ] func test: add /stats url
[ ] ci: show how much swap was used. Used a sparse file and do a 'stat' in
	the end?
[ ] ci: show I/O disk/network stats. Show cpu stats.
[ ] When an access is allowed, list rule number which allowed the access.
[ ] Automatically create merge requests from a mail/patchwork/etc. feed?
[ ] Bytes/s on fetches/pushes (need exec support).
[ ] stats: add the number of events?
[ ] web analytics included in admin section (referer, URL, code).
	We need it anyway for graphics.
[ ] stats: add size of the database.
[ ] Add (un)hexa/(un)base64 decoding of files (but marked as "nofollow"
	to not be visited by engines? Maybe only 'un' operation to be allowed
	to be visited? Maybe add generic chain of filters (or labels?).
[ ] Merge requests: show the base commit name and date.
[ ] Use HTTP_USER_AGENT for storing pulls in history.
[ ] Seems I do not deal with renaming users, even if the function exists!
[ ] Extra output when cloning: seems to be a bug in git.
[ ] If user is deleted, do not allow access to any other user area.
	Seems that now we allow access to repositories!
[ ] Merging same mr seems is working and should not.
[ ] Inconsistent clone urls for a image installation:
	http is showing the IP, ssh/git the hostname.
[ ] comparison: red on "open core" and proprietary!
[ ] Allow more lock/info messages, with prios;
	add support for background/text colors.
[ ] We may need a lot of packages in build phase if we want to run the tests.
[ ] Before activating a http webhook, force user to add to the root of the fs file
	.well-known/rocketgit/hook-verify.txt with a custom content.
[ ] MR merge_mr must contain also the ID.
	Search for "This is the merge message <xss>".
[ ] git_merge_base: cache is not done in the repo namespace => will not be
	deleted when a repo is gone. And we do not use the id of the repo,
	but path! We must use the id.
[ ] Blacklist IPs for webhooks
	127.0.0.0/8
	10.0.0.0/8
	172.16.0.0/12
	192.168.0.0/16
	100.64.0.0/10
	169.254.0.0/16
	::1/128
	fe80::/64
	fc00::/7
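	One way to implement this check (added example in PHP, not RocketGit
	code; the wh_* names are hypothetical and the sample addresses are
	constructed). It goes slightly beyond the list by unwrapping
	IPv4-mapped IPv6 addresses and by refusing unparsable input.

```php
<?php
// Ranges copied from the TODO entry above.
const WH_BLOCKED_NETS = [
	'127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
	'100.64.0.0/10', '169.254.0.0/16', '::1/128', 'fe80::/64', 'fc00::/7',
];

// Returns TRUE if the packed address $addr is inside $cidr.
function wh_packed_in_cidr(string $addr, string $cidr): bool
{
	[$net, $bits] = explode('/', $cidr, 2);
	$n = @inet_pton($net);
	if ($n === false || strlen($n) !== strlen($addr))
		return false; // different address family

	$bits = (int) $bits;
	$full = intdiv($bits, 8); // whole bytes covered by the prefix
	$rest = $bits % 8;        // remaining bits in the next byte
	if (substr($addr, 0, $full) !== substr($n, 0, $full))
		return false;
	if ($rest === 0)
		return true;

	$mask = (0xFF << (8 - $rest)) & 0xFF;
	return (ord($addr[$full]) & $mask) === (ord($n[$full]) & $mask);
}

// Returns the matching range (or 'invalid address') if $ip must be
// refused, NULL if the webhook may connect to it.
function wh_blocked_by(string $ip): ?string
{
	$addr = @inet_pton($ip);
	if ($addr === false)
		return 'invalid address'; // fail closed

	// ::ffff:a.b.c.d reaches the IPv4 host a.b.c.d, so test it as IPv4.
	$mapped = str_repeat("\x00", 10) . "\xff\xff";
	if (strlen($addr) === 16 && substr($addr, 0, 12) === $mapped)
		$addr = substr($addr, 12);

	foreach (WH_BLOCKED_NETS as $cidr)
		if (wh_packed_in_cidr($addr, $cidr))
			return $cidr;

	return null;
}

// Constructed sample destinations. In a real hook, test every address
// the hostname resolves to and connect to the address that was tested,
// otherwise a second DNS answer can differ from the checked one.
$samples = [
	'127.0.0.1', '172.31.255.1', '172.32.0.1', '100.127.0.9',
	'::ffff:10.1.2.3', 'fd12::1', '2001:db8::1', 'not-an-ip',
];
foreach ($samples as $ip) {
	$hit = wh_blocked_by($ip);
	printf("%-16s %s\n", $ip, $hit === null ? 'allowed' : "refused ($hit)");
}
```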
[ ] See err-* errors on production.
[ ] cb_* returning error - abort execution!
[ ] https://rocketgit.com/user/kapstok/NHL-InfoArch/source/log/commit/b61a9e25983fa66096a7a30755f7f0c4b89a7210
	Shows the commits and then "This repo contains no commits."!
	This is fixed, but the consumers of rg_git_log_simple
	must check if the array is empty and show a message.
[ ] git-receive-pack - it seems stateless-rpc and other things are gone!
[ ] Log also the time for push/fetch. Where?
[ ] In the reports, report also the size of the database? Tables? Indexes?
[ ] Size of 'rocketgit' repo is not correct! Seems correct.
[ ] When we try to send the report, check last success date and generate from
	there as many as days are needed to arrive in present.
[ ] Show size on disk for a user. Maybe on click, generate a nice report?
[ ] Error: error on ls-tree (task returned code 128 (fatal: Not a valid object name refs/heads/master))
	Must be converted to a nicer message (when repo is empty).
[ ] use '--stdin' for git-log to not get error 127 (command line too long)?
	See /user/howaboutsynergy/q1q/source/log/commit/50b2f01937cab19772c486f70fc81a4e0f5d0b34
	We may want to truncate the list to 50 files and warn the user.
[ ] Do git GC from cron.
[ ] When adding a http(s) hook with cert, should we check if we can connect
	and report at once?
[ ] Put in environment LANG=C/LC_ALL=C when running commands? Not sure.
[ ] When a lock is taken, log this (try without blocking and then with blocking)?
[ ] rg_git_merge: git locking - use the official way?
[ ] rg_git_lock: use it also for other operations?
[ ] "You have the chance to help all free software projects hosted here"
[ ] Allow users to add a PayPal/Ethereum/Bitcoin etc. pay details, and add
	specific links to accept donations easily.
[ ] totp: add a test to check if both db and cache are clean when unenrolling.
[ ] ldap: delete a server: we must not have a user in 'users', without
	a uid in ldap_cache: maybe a transaction needed?
	Why? Because we will not delete that user!
	When I delete a server, I have to ask the user if s/he wants to delete
	also the users in 'users' table.
[ ] ldap: func test when ldap_password changes, but we have the user inserted
	in 'users'
[ ] Would moving the user_edit_no_check call into ldap simplify the code?
[ ] ldap: editing a server:
	- I have to update the plan_id for all users in 'users' table, if different.
	- if admin changes 'uid_attr', I have to set 'username' to '', to signal the
	invalidation of the entry.
	Take care of the cache! Invalidate it!
[ ] Can I update users.plan_id on demand, when user logs in?
	No, because the statistics are not good!
[ ] If we change the 'uid' attribute, we must invalidate the whole cache.
	But, we cannot delete anything. We need the link between ldap_cache and users.
	Just mark it as unavailable.
[ ] I think I should not allow the login by e-mail! If user can change the
	e-mail in LDAP, I have a problem. I think I can keep it.
	The password must match. Check!
	What about recovering e-mail?
[ ] memberof must be stored in ldap_cache.
[ ] Password must be sent encrypted from ldap_cache to 'users' (update_no_check).
[ ] ldap: we do not have the membership and we cannot extract is_admin.
	Probably other fields. Not clear.
[ ] ldap: what rights should I give for users added by ldap?
	Is still needed to have rights in users?
[ ] Pass also the ldap server info, next to 'post', to be able to update
	plan_id.
[ ] ldap: we may want to check AuthLDAPGroupAttributeIsDN from apache.
[ ] ldap: should we have a 'source' field in users table to signal from where
	the user come from (web, ldap etc.)?
[ ] ldap: When updating a server prio, we have to update also the ldap_cache
	table. Should I use a JOIN to get rid of ldap_cache.prio?
[ ] ldap: Do not store password in clear in database!
[ ] ldap: take care to not allow logins as admins if the group name is user
	controlled. Should we use ^/$ by default?
[ ] ldap: https://github.com/thorin/redmine_ldap_sync
	As an example which works also on AD.
[ ] ldap: tests?: somehow delete old ldap servers. Also from cache.
[ ] ldap: how to specify if an account is disabled? Some regex needed?
[ ] ldap: server settings: select between one level or subtree.
[ ] ldap: what indexes are needed for ldap_* tables?
[ ] 'meronos' user is with lower 'm', but in the /var/lib/rocketgit/repos/
	folder is with bigger M! Did he rename the user and I did not update
	the link?
[ ] wh:build: output is not collected.
[ ] Lots of errors of this type:
	16056 ?        D     16:47 git --no-pager
	--git-dir=/var/lib/rocketgit/repos/by_id/00/00/00/7B/0000007B/
	repos/by_id/125.git log --find-copies --find-renames
	--find-copies-harder --no-merges --numstat -z
	--pretty=format:-=ROCKETGIT-START-5ab66aa6dd48474e=-sha1:%H%x00
	sha1_short:%h%x00tree:%T%x00tree_short:%t%x00parents:%P%x00
	parents_short:%p%x00author name:%aN%x00author email:%aE%x00
	author date:%at%x00committer name:%cN%x00committer email:%ce%x00
	committer date:%ct%x00encoding:%e%x00ref_names:%d%x00
	sign_key:%GK%x00subject:%s%x00body:%b%x00notes:%N%x00
	-=ROCKETGIT_END_OF_VARS-5ab66aa6dd48474e=-
[ ] Allow download of files in the repo.
[ ] Username must not contain '::' to not break cache! Fixed.
	Hm. Any string containing :: is at risk?! Or the = makes the diff?
[ ] Re-test totp urlencode text
[ ] Feb 16 05:59:01 r1.embedromix.ro crond[21105]: pam_systemd(crond:session): Failed to create session: Maximum number of sessions (8192) reached, refusing further sessions.
[ ] Why php-fpm is active on rg2?!
[ ] When doing operations, log also the date/time, to be able to easily find
	user copy/pasted errors. Where?
[ ] 2 users, 1 private repo, granted Access rights, but no 'refs' rights.
	Trying to clone the repo by the non-owner, gives an error as if the repo
	does not exist! This is not correct. The user must know that the repo
	is there because of the 'Access' rights. So, improve the error message!
[ ] Recover password must be enabled for ldap users? Probably yes.
[ ] 'deleted' field must be respected by ldap?
	If admin blocks/deletes/suspends an ldap account, what should we do?
	I think I must respect it.
[ ] ldap: ldap_cache.prio is needed?! Not anymore!
[ ] report how many repos/users/etc. were removed.
[ ] Investigate WWW-Authenticate HTTP header.
[ ] ldap: should we allow users to change their ldap password?
[ ] scratch_codes table: we should have an 'id' column for deletion.
[ ] test: move rg_test_sc_generate into 'totp.inc.php'.
[ ] 2fa: test pushing by http(by_http.php)/ssh(?).
[ ] Compare: mouse over is not working on touch-screens!
[ ] ldap: What should happen when we update plan_id.
	What about other fields?
[ ] ldap: If I remember correctly, the password attribute was editable!
[ ] ldap: document what 'Session time' means.
	Other fields need an explanation also.
[ ] Pushing by http but using ssh 2fa feature to unlock an IP is working?
	Should work?
[ ] When generating html diff, use a sha1(file_name) to not inject XSS and
	for html to look nice.
[ ] We should check if the request was a POST and not a GET! Else, CSRF!
[ ] totp: when trying to validate a token, if the token is wrong, the message
	is wrong ("you are not enrolled"). It is a mess in totp_sc_verify
	because the error is set globally. We should pass it in return,
	not globally, everywhere it is possible.
[ ] git_log_simple returns an array of commits, with a 'vars' section and
	a 'files' section. When calling git_log, we also need to pass the
	from/to extracted from 'simple' output. Think about someone pushing changes
	between 'simple' and 'full'!
[ ] We have some invalid numstat in the logs!
[ ] 'git log --patch' for submodules probably is not working right.
[ ] Allow users to change the value of 'diff.context'.
[ ] Replace all 'who_nice' open coded stuff with rg_user_nice.
[ ] We have lines_add/del. Why we need also 'changes' field (git.inc.php)?!
[ ] Document 2fa for http, now that is working.
[ ] PagerDuty, Splunk integration.
[ ] Add "Only AGPL and no CLA!" where needed.
[ ] comparison: "2fa for ssh".
[ ] Admin user edit is not working (going to create).
[ ] When pushing by ssh, show also the key id/name.
[ ] When pushing and 2fa is used, show how much time remains and how to
	revalidate the IP again.
[ ] When trying to clone by http, and I am enrolled in 2fa, I get an error:
	Error: non existing repo or you are not allowed to push!
	Which should not say anything about "push"!
	Fix is in development. Just need to deploy. And notify nljelfs.
[ ] After enrolling in 2fa, we need to clear the fields!
[ ] Personalize welcome e-mail.
[ ] Allow (regex) only some domains/IPs to join the system.
[ ] Warn web users if they use TLS < 1.2.
[ ] Sec: must read https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-zheng-updated.pdf
[ ] Allow authentication by certificate.
[ ] passwords: we need multiple round of hashing.
[ ] sess: do not store the cookie in clear, but hashed.
[ ] ldap: if user is deleted from ldap, destroy all sessions.
[ ] When we are on /user/X page, do not show the username in the first column.
[ ] Zebra for tables!
	tr:nth-child(even) {
		background-color: #f2f2f2
	}
[ ] Should I allow duplicate e-mails?
[ ] Limit CI disk space and report such errors
[ ] https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
[ ] ldap: add tags based on some fields and use the tags in filtering/etc.
[ ] totp: we check 2 in the past! Do we test if a past one was not already used?
[ ] Let admin/user what tls protocols are accepted.
[ ] Basic e-mail validation at sign-up.
[ ] Cache http password
	http://stackoverflow.com/questions/5343068/ddg#5343146
[ ] Add bitbucket into comparison.
	Version 5.6.2 has 268MiB! Nice! Not!
[ ] Rights for login: control IP/time/2fa/etc.
[ ] Add possibility to revert a push if the test fails.
	Or test the push first and then commit if passed.
[ ] Add pahole as a checker for the binaries. Next to cppcheck.
[ ] In Admin -> Users, show also the size.
	Also, we need sorting.
[ ] Add webhook for mastodon (federated microblogging)
[ ] Limit resources for a git process (for example how many threads for gc).
[ ] https://letsencrypt.org/become-a-sponsor/
[ ] Use 'tr:nth-child(2n) { ... }' + 'tr:nth-child(2n + 1) { ... }' for stripes.
[ ] Run test wh_http on CentOS / Debian! The client side cert test may fail.
	Generic, run the functional tests also on other OSes.
[ ] ldap: gather all sync stuff and commit in the end for sync=ro?
[ ] ldap: The cache may be used only if admin decided on how many seconds
		a cache is valid.
[ ] ldap: What if the plan is gone? Use the first one and notify admin?
	Or prevent the deletion if is used?
[ ] ldap: after switching to C, add support for replication (both ro and rp).
	ro/rp repl should populate the cache only - a user must
		not be created in db if the user did not login.
[ ] Seems I do not respect users.rights field.
[ ] Split 'C' user right into 'create public repo' and 'create private repo'.
[ ] Add compression for JS/CSS. Think about enabling compression for html,
	but, implement some randomization on content to defend against BREACH.
	For CSRF tokens there is a simple and effective defence, which is to randomize the token by masking it with a different (random) value on every response. The masking does not hide the token (whoever has the token can easily reverse the masking), but it does defeat the attack technique. Guessing is impossible when the secret is changing all the time. Thus, we can expect that most frameworks will adopt this technique. Those who rely on frameworks will only need to upgrade to take advantage of the defence. Those who don’t will have to fix their code.
	(https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack)
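	The per-response token masking described in the quoted paragraph above, in PHP. This is an added example, not RocketGit code; the example_csrf_* function names and the 16-byte session token are assumptions.

```php
<?php
// Added example (not RocketGit code). All function names are hypothetical.

// Mask a per-session CSRF token with a fresh random pad, so the bytes
// written into the HTML differ on every response. BREACH guesses a secret
// byte by byte from the compressed size, which needs the secret to be
// identical across responses.
function example_csrf_mask(string $token_raw): string
{
	$pad = random_bytes(strlen($token_raw));

	// '^' on two PHP strings XORs them byte by byte.
	return bin2hex($pad . ($pad ^ $token_raw));
}

// Reverse the masking. Returns the raw token, or false on malformed input.
function example_csrf_unmask(string $masked_hex)
{
	$len = strlen($masked_hex);

	// pad + masked token, both hex encoded: length is a multiple of 4.
	if (($len === 0) || ($len % 4 !== 0) || !ctype_xdigit($masked_hex))
		return false;

	$bin = hex2bin($masked_hex);
	$half = intdiv(strlen($bin), 2);

	return substr($bin, 0, $half) ^ substr($bin, $half);
}

// Compare the submitted (masked) value with the token kept in the session.
function example_csrf_check(string $session_token_raw, string $submitted_hex): bool
{
	$raw = example_csrf_unmask($submitted_hex);
	if ($raw === false)
		return false;

	// Constant-time comparison; also false when the lengths differ.
	return hash_equals($session_token_raw, $raw);
}

// Constructed demo values.
$session_token = random_bytes(16);
$form1 = example_csrf_mask($session_token);
$form2 = example_csrf_mask($session_token);

var_dump($form1 !== $form2);
var_dump(example_csrf_check($session_token, $form1));
var_dump(example_csrf_check($session_token, $form2));
var_dump(example_csrf_check($session_token, 'not-hex'));
var_dump(example_csrf_check($session_token, str_repeat('00', 32)));
```

	The masking hides nothing from someone who already holds a masked value; it only keeps the response body from carrying the same secret bytes twice.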

[ ] Implement https://github.com/privacypass/challenge-bypass-extension
[ ] ldap: test nested groups.
[ ] 2fa: admin must be able to enforce it!
[ ] Have a user setting / button to create a diff without space clean-up.
[ ] detect big patches can return 'bad' and no good_files, but the simple log
	is still called! Not good! Functional test!
[ ] Go to groups.google.com and create a group for rocketgit?
[ ] I like the forms on http://cc1.ifj.edu.pl/en/
[ ] Cache HTTP credentials:
	git config --global credential.helper cache
[ ] Adopt DCO: https://developercertificate.org/
[ ] periodically run 'git fsck'.
[ ] ssh: 'UseDNS no' (docker / virtual machine etc.) to speed up the connection.
[ ] Allow multiple branches in the pull request
[ ] Enable HTTP/2 (as the tests)!
[ ] ldap: what to do with the ldap users when their server is removed?
[ ] Add a hint to login page that, with ldap, you can login also with mail/cn.
[ ] Allow user to choose if the real name is public or not?
[ ] Support https://www.microcosm.co.uk/order/product.php?ProductID=360&CurrencyID=3
[ ] I should fail the test phase if err- files are generated?
	What about server side?
[ ] Add labels for projects.
[ ] When creating a repo, refuse to end in '.git'. I strip it sometimes (tekker user)!
[ ] Get rid of links in /var/lib/rocketgit/repos, to not deal with renames etc.
[ ] I need a mechanism to verify an account expiration, even if a session
	is active. Think about marking an account to expire at some moment
	in time. We have shadowExpire for LDAP, but we must be able to do it
	also for normal accounts. The field is 'expire'. And maybe give up on
	'suspended' field?
	Do we really test if an account is suspended?
	Maybe is better to reuse 'suspended'.
[ ] Add timezone setting?
[ ] For authorize script, why we do not use the cache?
[ ] ldap: what session time to use? Use default, but let the user change?
[ ] Welcome e-mail may contain links to tutorials/api etc.
[ ] Should we store the server next to a ldap user to be able to look up
	the timeout value? Or just store the expiration into users table?
	What about entryUUID, the only thing that links ldap with db.
	What if user is renamed? Should I give up on keeping links,
	but, for admins, show the path to the repo.
[ ] ui['rights'] is still used? If yes, set them also for ldap.
[ ] Add a functional test to see if the request for e-mail confirmation is
	shown on the page. And move it from hints to somewhere near the top.
[ ] ask_for_email_confirmation and rg_account_email_confirm do same thing?
[ ] Use sshd's ExposeAuthInfo to log some nice info.
[ ] We should never redirect using an empty string.
[ ] ldap: loop if password does not match for a user.
[ ] ldap: when we find a user, try to bind as that user if first time
	we bound with the main one.
[ ] preg_match may return an error. Test for it!
[ ] If I restart the builder server side script, the client will not reconnect!
[ ] compare: granting reverse endorse power? RocketGit: No; GitLab: yes.
[ ] Decide what to do about Frederico request for space.
[ ] Add to home/repo page hints that you can build (CI) your project.
[ ] wh: build: cloning with --depth 1 seems to not allow checking out a specific
	commit. Not true. Seems a force push took place.
	We should cancel previous builds?
[ ] ldap: sync ssh keys
[ ] ldap: timeout must also be a parameter.
[ ] ldap: forgot function should not work?
[ ] ldap: User changing group => dn changes
[ ] ldap: User changing dn - check if entryDN is of any help.
[ ] artifacts generated by demand, on a special page.
	Think about building a CSV file from some files stored in repository.
	For example: building a csv list of servers based on some directories
	with the server and some files containing some info.
	Of course, a sandbox is needed for this. Lua?
[ ] change log id on forking and log this change.
[ ] ldap: limit replication fields to the ones needed.
[ ] ldap: allow admin to move all users to a ldap server (including groups)
[ ] https://stackoverflow.com/questions/28810795/git-clone-is-aborting-due-to-possible-repository-corruption-on-the-remote-side-e/28811605#28811605
[ ] web: Add 'add_header Cache-Control "public";' to 'public' content
	(nginx/location)
[ ] report: add also the load
[ ] Per git configuration, should be exposed to the user
	gc.pruneExpire 2.weeks.ago
	pack.*
[ ] css: add 'placeholder="some example here"' for some input fields.
[ ] In the report, show also the number of deleted repos.
[ ] We should not allow plan deletion if there are still users.
[ ] started requests without a final "commit" message should be logged as
	errors. Think about git operations which do not finish because
	PHP is out of memory. At the start and end of the operation we should
	send a message. If the 'end' is missing, we know that something is
	wrong.
[ ] We should re-think the logging, because some functions are
	called multiple times (hundreds) and we do not want
	the rg_log_enter string to appear multiple times.
	We need to delay the logging somehow and log the pending buffer
	only in case of errors.
[ ] Improve the caching of the rights.
[ ] rights: do not log success lookups, only the bad ones.
	Too much logging involved!
[ ] Messages from ssh/http transport: log also date and rg_log_sid to be able
	to find the problem quickly.
[ ] invite function for a repo - maybe suggest the rights?
	Auto create user? (petreb)
[ ] Allow almost any file to be downloaded as pdf.
[ ] wh: build: add time for machine boot-up.
[ ] I have some broken links in the /var/lib/rocketgit/repos folder.
	Maybe somebody deleted the repo? Check the logs.
[ ] ssh: wait till first connection is done with AuthorizedKeysCommand
	and only after that disable the authorized_keys generation?
[ ] ldap: admin: allow switching between ldap and non-ldap accounts.
	Because users may change their e-mail, we should be careful
	what we use for ldap authentication.
	Should we allow users to update an account to ldap?
[ ] ldap: allow admin to set ssl/starttls per server.
[ ] ldap: server add form:
	- type of the server (can we auto detect?)
	- host(s) urls (including port)
	- bind_dn + pass
	- base for search
	- which ldap field is used for authentication (sAMAccountName/uid etc.)
	- filter (&(objectClass=posixAccount)(uid=...)
		we may need to support more user types (e.g. 'user')
	- group base
	- group attribute ('group', 'posixGroup', 'groupOfNames' etc.)
	- admin group
	- regex for what groups the users are allowed to use rocketgit
	- mapping between ldap attributes and rocketgit user attributes
	- if we allow ssh keys from ldap
	- enable nested groups
	- paged results
	- follow referrals
	- ca/certificate/key/insecure?
[ ] ldap: sync: use ldapsearch -E sync=ro/rp!
[ ] ldap: respect account expiration set in ldap (shadowExpire etc.)
[ ] ldap: we may allow rocketgit rights to be defined in ldap
[ ] ldap: allow admin to decide the time between syncs.
[ ] ldap: find a way to re-sync more quickly, maybe just looking up
	only what changed since the last sync.
	Or, use the replication protocol?
[ ] ldap: prevent users to change their settings if the account is linked
	with ldap?
[ ] ldap:
	http://mageconfig.blogspot.ro/2014/06/configure-gitgerrit-with-open-ldap-for.html
	add groups support
[ ] a repo must have a direct link to report a bug.
[ ] Add a functional test for a max commit size bigger than a big number.
[ ] gabi: add API: input: user/pass, out: key for mobile app
[ ] gabi: API: discover, search etc.
[ ] In rg_exec, I can count how many bytes were sent/received!
	Expose them in the ssh keys section?
	Account them and enforce some limits?
[ ] rg_ssh_host/rg_git_host must be set also in admin web page.
[ ] When a file is empty, show it in a special way to not be tempted to click
	on it.
[ ] hostname problems:
	We may want to add a new state (hostname_real) which will be set by
	admin and will have precedence over 'hostname', which is only
	guessed by first access. If 'hostname_real' is not set, add a warning
	on all pages for admin user to set the correct hostname.
[ ] For repo stats, add also the number of lines.
[ ] Add a minimum password length and enforce it everywhere.
[ ] Never redirect if the Host:'s port is different from SERVER_PORT.
	(see docker with redirects)
[ ] Add also "normal" web page (without virtualhost)
	to be able to start with the current server?
[ ] For repo stats, we may want to use --all or --branches.
[ ] When showing a commit, Create links for "Parents"/"Tree". Probably others.
	https://rocketgit.com/user/coria/coria-backend/source/log/commit/34fd00db0525b875e2f9afbe5a10af28fe06b03b
[ ] For 'diff' add an option to ignore white space.
[ ] Update session in background after I send the page to the user.
	Also other queries for sure we can delay them.
[ ] I get some AVCs about gpg - maybe when git tries to verify a gpg signature?
	Add a functional test for this!
	allow httpd_t user_home_dir_t:file { getattr open };
	Maybe I can find an interface for httpd_t - gpg.
[ ] When creating the admin account, redirect to settings?
[ ] Add AGPL logo to main web page?
[ ] Add 'depends/number' label to mark some bugs as a dependency on another.
	What about duplicates? Confidential?
[ ] We do not track the visitors. Also in git announce?
[ ] Use 'restrict' when generating authorized_keys file.
[ ] In report, report also the space used and a top 5?
[ ] At login time to destroy all forgot password pending tokens?
[ ] promise to not sell user data (tos/main page).
[ ] admin settings: disable reports by e-mail.
[ ] web: How can you help: sponsor us!
[ ] repo stats: at least generate the log into a file and parse the file?
[ ] Should 'logout' be a form to not be followed by browser automatically?
[ ] mail template mail/user/rename seems to not have the files!
[ ] Add hints on how to share a branch with a third party?
[ ] I can try to deduplicate the objects across all repos!
[ ] Get rid of the replace of '.' with ',' in branch names. Maybe also in file
	names? Just use HTTP URL encoding? Keep backward compatibility!
[ ] Add an Ansible playbook on Ansible site.
[ ] rg_re_repo_http must be removed.
[ ] If user does not provide an e-mail, I should not generate an internal error!
[ ] recover password: we never show the username! If the user forgot the
	username, this is bad!
[ ] https://tomu.im/ for 2fa
[ ] Slack: shouldn't have a link to a diff not to a commit?
[ ] user.inc - more cases when I have to send the http code?
	I am not really happy with 200 code! Check the source!
[ ] When reading state from cache, we should retrieve the whole state array
	to have it locally.
	Already done? I think not.
[ ] Log also HTTP_USER_AGENT (git/2.x.x for example) when fetching/pushing.
	We can extract statistics about what clients people use.
[ ] nginx: investigate  fastcgi_pass_request_body.
[ ] Do update of the session, key used etc. after the page was delivered
	to the client to lower the delivery time.
[ ] PHP reads 8192 bytes from /dev/urandom, I can read so much and keep that
	data and reuse it when necessary.
[ ] q_ms seems to not be ok - always increasing and = with MAIN
[ ] git_receive_pack:
	PHP ERROR: Unknown:0: Unknown: POST Content-Length of 8564467 bytes
	exceeds the limit of 8388608 bytes (errno=2)
	I need to send an error before processing data!
	Done!
	We may want admin to further limit it?
[ ] For PostgreSQL stats:
	http://bonesmoses.org/2017/04/21/pg-phriday-who-died-and-made-you-boss-the-investigatining/
[ ] Test with lighttpd and nginx the git_big_push test.
[ ] rg_exec: add a 'timeout' parameter!
[ ] When notify webhooks, add also the text with the log between old id
	and the new id: so people know what was pushed.
	Maybe also the test phase output?
[ ] git-receive-pack processes seems to hang.
	Do we have a php-fpm config option? Or time limit php?
	rg_user_http_git: the time limit must go.
		And rg_exec must have a 'timeout' parameter.
		If nothing happens, just log an error and exit.
		probably, we have to test also if the connection is broken.
[ ] Allow '<' and '>' in user/repo names?
[ ] Fix "repo is empty" test. User may not have master branch!
	I think we need to test for this before calling rg_git_log.
[ ] Write a tutorial in 'docs' using 'pass' and 'git'?
[ ] Move VM stuff in 'docs' section?
[ ] Add to docs?
	export GIT_CURL_VERBOSE=1 GIT_TRACE=1 GIT_TRACE_PACKET=1
[ ] https://hunleyd.github.io/posts/PostgreSQL-Streaming-Replication-In-10-Minutes/
[ ] https://developers.google.com/web/fundamentals/security/csp/
[ ] When changing repo properties, we may want to write this into the log
	(Last events).
[ ] When pushing, warn users to not forget to push also the tags?
[ ] rg_git_diff may be affected by the same problem as rg_git_log (big diff).
[ ] Dis-allow webhook to connect to local services!
	Or, maybe, ask the user to prove that is the owner of the URL.
[ ] rename tests/http_keys into admin_set_ssh?
[ ] 'commit_url' is still used?
[ ] CSRF https://seclab.stanford.edu/websec/csrf/csrf.pdf
	Use Origin header!
[ ] Interface with Mastodon (https://github.com/halcy/MastodonToTwitter/blob/master/MastodonToTwitter.py)
[ ] Interface with Twitter (http://dev.twitter.com/)
[ ] Warn https users that Java version xxx cannot use https with DH > 2048!
	Do this in "hints"? Create a special page to describe this?
	"Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)"
	http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception
	jre/lib/security/java.security: jdk.tls.disabledAlgorithms=SSLv3, DHE
	apache: http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh
[ ] Add docs about how to use let's encrypt. And make sure the rewrite will
	not block let's encrypt request!
[ ] When I am on a merge request, "Pending" menu is not selected.
[ ] "Source": make ids links. Also a diff.
[ ] "Source" is not a proper name! Better: "History & files".
	Maybe replace "History" with "Log" and "Tree" and make the
	select of the branch/tag as a select.
	This is to not have another menu line. Is overkill.
[ ] If a repo is empty, should I show "Tree" menu?!
	Or at least, do not show an error!
[ ] Why do I not block the receiving of the commits in 'pre-receive' hook?!
	Because I cannot block individual commits.
	Still, if no rights are present, I can avoid receiving the data...
[ ] robots.txt: disallow diffs to show in search engines: makes no sense.
[ ] Allow companies to pay for support adds on projects.
[ ] wh: store data in mongodb and other NoSQL & SQL dbs.
[ ] Add a page with PostgreSQL stats and graphics.
[ ] Add project to HackerOne?
[ ] Add log_autovacuum_min_duration = 0 to log all autovacuum stuff.
[ ] postgresql: Use wal_compression = on / full_page_writes = off?
[ ] Do not report errors for old versions?
[ ] Add the rg version to e-mails sent? At least the one with error reporting?
[ ] comparison: Link "anonymous push" with the link to the doc.
[ ] ToS: disallow filesystems over rg?
[ ] Should I reissue the cookie if a token error appears?
[ ] repo surgery: man git-filter-branch
[ ] html5: new types: http://html5doctor.com/html5-forms-input-types/
[ ] WebAssembly: run rocketgit in a browser!
[ ] Rate limit rg.com (both connlimit and x)
[ ] postgres: activate log_temp_files and log_lock_waits
[ ] Limit the size of files at commit (in the rights section)
[ ] Use w3af to scan the application.
[ ] See https://communityblog.fedoraproject.org/ for design.
[ ] design: compare: add "?" to places where a mouse-over is available.
[ ] design: contrast is not good (Stig) (check e-mail)
[ ] Big files create problems. For example:
	/user/coria/coria-backend/source/tree/branch/master/blob/nohup.out
	We should check the size and output only a part of the file.
[ ] Use --timeout=<n> for git-upload-pack. Maybe others!
	What about --strict?
[ ] Should I login the user if s/he pushes by https?!
	I think not? Maybe we would be able to use the cookies?
[ ] Add a network backend to be able to deliver git objects to scale the FS.
[ ] Use https://websetnet.com/setup-lighttpd-web-server-ubuntu-1504-centos-7/
	to create a configuration for lighttpd.
	Switch to lighttpd for the vm?!
[ ] Use a custom php.ini for rocketgit-php-fpm so we can remove some modules!
[ ] Suggest the users to use SSHFP?
	ssh-keygen -r aaa -f /etc/ssh/ssh_host_rsa_key.pub
[ ] --stateless-rpc seems to be gone from git-upload/receive-pack!
[ ] Record page faults, user time, system time etc.
[ ] https://liberapay.com/ (for donations)
[ ] https://gratipay.com/
[ ] https://www.bountysource.com/
[ ] http://breachattack.com/
	Investigate the solution to sign[/encrypt] secrets and regenerate them
	also to not store them in the database! I think the problem was the
	reuse...
[ ] process/io stats for PostgreSQL:
	http://momjian.us/main/blogs/pgblog/2017.html#February_15_2017
[ ] Investigate repack.writebitmaps
[ ] Add possibility to move/clone one instance to other server:
	repos and meta-information.
[ ] Provide links to private installations in the cloud.
[ ] Allow Slack to report failed build.
[ ] What if server crashes between update hook and inserting in database
	the event? I have to insert before, and if the commit id does not
	exists to bail out!
[ ] Investigate pg_recvlogical and pg_receivexlog
	https://www.postgresql.org/docs/current/static/app-pgreceivexlog.html
[ ] Add a SELinux sandbox as a way to run user scripts.
	man virt-sandbox (LXC)
[ ] Pushing by http will not show which user we connect as.
[ ] Use asciinema to record some demos.
	:( - The web player is a huge js file!
[ ] Add a pusher webhook which will sync a local git repo with some other
	place specified by the user.
[ ] Add docs on how to setup postgresql replication
	https://wiki.postgresql.org/wiki/Streaming_Replication
[ ] AppArmor profile howto:
	https://www.digitalocean.com/community/tutorials/how-to-create-an-apparmor-profile-for-nginx-on-ubuntu-14-04
	https://wiki.debian.org/AppArmor/Debug
[ ] Add a method to recover the password using a GPG/SSH/etc. key.
	And add possibility to refuse the recover by e-mail.
	Think more about this! Especially if the user is enrolled in 2fa!
[ ] comparison: Delegated Recovery supported by GitHub
[ ] When sending e-mails from events, add also the events.itime field in
	e-mails, because if the event processing fails, I will get an e-mail
	after a lot of time!
	Maybe add also the delay?
[ ] For API keys (maybe others), "Last IP" may be the IP who added the key.
	Or add an "Upload IP" field.
[ ] Add NoNewPrivileges to rocketgit-fpm service?
[ ] When I start the virtual machine, can I connect to console to run the build
	script instead connecting by other means? To not have to modify
	the image...
[ ] Add instructions to resize the base image:
	qemu-img resize Fedora-$TYPE-armhfp-25-1.3-sda.raw +10G
	Do not forget about the filesystem!
[ ] Re-test with a "'" inside the user name. wh_cloud test fails!
[ ] Add possibility to reject white space changes.
[ ] Add possibility to enforce a minimum length commit message.
	Add hints on how to do it.
[ ] LOW: Generate an internal CA, allow clients to download certificates
	generated by this CA and verify them, to be able to act like ssh.
[ ] LOW: act as a CA and allow users to download certificates so we can use
	http as ssh?
[ ] Low: add CURLOPT_PINNEDPUBLICKEY for webhooks.
[ ] Add login token for http authentication!
[ ] Make sure ETag is activated.
[ ] Add a hint on how to delete all files in a repository.
[ ] patreon.com?
[ ] Add U2F support (see U2F Zero for free software/hardware)
[ ] wh: add possibility to add public variables (values is public) or
	private variables (value cannot be retrieved) which will be provided
	inside hook. How it applies to CI?
[ ] Add 'delete account' unit testing.
[ ] We need to set default rights for a user/group.
	Seems 'R' (delete account) is given by default. But, where?
	Ah, it is the owner!
[ ] LOW: Allow build image to be persistent.
[ ] Deleting an account will not delete all stuff related (user_remove)
[ ] add to rg something like: https://letsencrypt.org/become-a-sponsor/
[ ] wh: add support for OpenWhisk, similar with Amazon's Lambda
[ ] On contributions page, as a way to help: recommend crowdfunding organizations.
[ ] SSH: the ratelimit may block some users?
[ ] Because of the HTTPS impact on performance, declare public objects as 'public'!
[ ] Update texts using the first LWN article.
[ ] wiki: a user can choose to use the main repo for wiki or a separate one.
	In former case, we need to specify the folder.
[ ] How users can help: write a Wikipedia article
[ ] Integrate RocketGit in most distributions.
[ ] We need to warn the user that she/he is bound to the ToS even if only
	visiting the site.
[ ] compare: add a No to privacy concerns: https://lwn.net/Articles/706700/
[ ] Deleting api keys seems to not be working: wrong event is stored in db!
[ ] Testing apikeys, a real e-mail is sent instead of setting a var in cache!
[ ] Add a simple tutorial: add a C program, push-it ... CI ... get the binary
[ ] Investigate https://github.com/pa11y/pa11y in a CI stage (html checker)
	Why not also tidy?
[ ] ft: check apikey e-mail to have the correct info.
[ ] wh: lambda: if we get code 400, we do not set the cache correctly.
[ ] wh: cloud - if we do not provide some events, we trigger no error!
	lambda is working!
[ ] wh: allow to trigger only if some paths are changing!
[ ] wh: after edit, the order is changed! We must sort them!
[ ] lambda: Secret access key is not masked when we edit the hook!
	We must allow the change but do not show it!
[ ] test: do a test for rg_authorize command: upload a key and check by fp
[ ] test: add one for SSH AuthorizedKeysCommand
[ ] LOW: add fuzzers for checking code.
[ ] Use skipfish/w3af/etc. for security scanning
[ ] LOW: investigate https://aws.amazon.com/codepipeline/
[ ] wh: start an ec2 machine
[ ] Discover: do not show repos which have no commit and no bug?
[ ] web server: configure it to not stat every path component!
[ ] First page: link to the Changelog?
[ ] Compare: supported distributions
[ ] What happens when an environment is not available anymore?
[ ] Provide host key to the user to be sure they connect correctly.
[ ] Full audit for keys (ssh and api)
[ ] https://hackerone.com/reports/104543 and click encode.txt - the button is nice!
[ ] LOW: ci: Allow to pass @@...@@ parameters to the scripts.
[ ] LOW: periodic check with:
	https://developers.google.com/speed/pagespeed/insights/?url=rocketgit.com
	https://tools.pingdom.com/#!/d1gWwL/rocketgit.com
[ ] Investigate Linode for CI
[ ] LOW: Use test_login function in tests.
[ ] LOW: can we import directly putty keys?
[ ] Build system: we cannot touch the machines when they are in use!
[ ] Auto check for SSH weak keys.
	Debian OpenSSL problems tool: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
[ ] LOW: When fetching/pulling, record the number of bytes.
[ ] LOW: rg_authorize seems to be executed twice!
[ ] Get rid of remote.sh and execute directly remote.php?
[ ] LOW: AuthorizedPrincipalsCommand - for certificates
[ ] LOW: With a lot of accounts, use AuthorizedKeysCommand with %f.
	But, it is hard to change the configuration (as a package).
	So, add a patch to openssh to always search for xx/xx/xx/fingerprint
	"authorized_keys" file, where xx is a part of the fingerprint.
	Pay attention, if the file is found, do not fall back to authorized_keys
	file! So, rocketgit can generate both and will work without changes.
	Better, extend % commands: %1 %2 %3 %4 to mean byte 1, 2, 3 and 4 from fingerprint.
[ ] Bug user to confirm the e-mail.
[ ] Add a privacy policy
[ ] Provide qcow2 image for direct boot with copy-on-read and for OpenStack.
[ ] Add custom web page messages (idea from GitLab)
	Also, add them for ssh/git.
[ ] Add a log per user as per project.
[ ] Add expiration for keys, api key, hooks, rights etc.
[ ] Debian: on reconfigure - add admin account?
[ ] Investigate gc.*, repack.* etc. configuration.
[ ] Use .mailmap when building stats?
[ ] Before start a build, check if it was already built.
	Think about a fast forward.
[ ] API: When loading info about a user, do we need to show the e-mail?
[ ] API: Seems I get:
	PHP ERROR: Unknown:0: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. (errno=8192)
	when I access the API. Probably because there is no '='!
[ ] 'HTML:description' in api cannot be right.
[ ] Add api.html javascript example for calling the API (add it in demo?)
[ ] Nice font: 'Open Sans', 'sans-serif'
	"proxima-nova", 'Helvetica Neue', 'Helvetica', sans-serif
	Think about non utf-8 chars!
[ ] cache: add primitive transaction support to avoid de-sync:
	Something like:
	BEGIN DESTROY=uid::3
	bla bla
	COMMIT - if this is not present, the cache will destroy uid::3 key
	More keys will need to be destroyed.
	What if we cannot connect to the cache and we delete something?!
	The cache will return the deleted stuff.
	Maybe we should mark the cache as dead and do not use it anymore.
	Or use it after is emptied.
[ ] virt-install(?) must be a dependency for the worker?
[ ] ci: add notification e-mail on every command/label.
[ ] ci: build hook: if is docker, how to specify the start image?
[ ] ci: when defining the build hook, specify a list of branches to merge
	if everything is ok. Checkbox for fast-forward or not?
[ ] ci: if the review points are met also do auto merge.
	How it relates to build test (order etc.)?
[ ] Initial commits may be very big. And we are generating them all.
	And this takes a lot of memory in $rg. Optimize it!
	And, we may want to show the diff per file, not all files at once.
	Also, we may impose a limit and add a warning that only a part of the
	diff was shown and a hint how to do it on local computer.
[ ] Do send mail only from events, never from apache user. Else, we have to
	activate a SELinux boolean.
[ ] We do not do CI! We validate, but we do not auto-merge!
[ ] Why we need to remove 'php' package?! If we don't, the php shows
	the source, unparsed! Cannot reproduce anymore.
[ ] Instruct user to open in firewall the port for workers.
[ ] Use 'guestfish --ro -a a.img -i'. What for?
[ ] Check 'X-XSS-Protection: 1; mode=block'
[ ] Better explain why world needs another git hosting software.
[ ] Features: I did not explain what Affero means! Only GPL.
[ ] fpm: provide a classic startup file.
[ ] Some errors are like: 'cannot insert/update'. Are not very helpful!
[ ] At start, we do not have workers defined. We give the error "no
	environments selected", but the user has no choice. We should instruct the user
	to add a worker? Also, no hint is presented.
[ ] "Add note" form is too wide and when browser width is small, the "Add note"
	header is not shown! Maybe, if width is too small, adapt textarea/text
	inputs?
[ ] use shutdown function for async cache stuff? Maybe other things?
	I do not think so... Should we have a write ahead log:
	something like we inform the cache that we need to clean an entry
	if the connection is broken.
[ ] UTF8 with the database, please check.
[ ] main page: add a new way to earn money: add sponsors, directly in the source
	to be shown on every deployed rocketgit installation.
	We can use bidding for the order.
[ ] Investigate socket activation for fpm? Cache? Events?
[ ] Why do I show info about correct host name in hooks?!
	Maybe because only in the hook can we output stuff?
	Also, give correct command to change the url, not only inform the user.
[ ] http: do we allow a fetch for an anon user from a private repo? test!
	Not only http.
[ ] If user has push access, why do we create a namespace?!
	Maybe because I do not know the pushed refs?
[ ] Now, also the web part can do the db update.
[ ] rg_repo_fetch_push_helper: if git repo is not created, delay the fetch/push?
[ ] Consolidate "welcome to rocketgit" messages!
[ ] when creating a vm, pass 'rng' device
[ ] Allow user to upload GPG keys ids and use them as an authentication
	witness when pushing signed stuff.
[ ] Provide the URL to the pull request
[ ] Add custom hooks (example: hooks.d/post-update.d/*)
[ ] Disable auto gc and run it one per day, more or less?
[ ] Log client version when fetching/pushing?
[ ] man git-http-backend:
	The backend process sets GIT_COMMITTER_NAME to $REMOTE_USER and
	GIT_COMMITTER_EMAIL to ${REMOTE_USER}@http.${REMOTE_ADDR}, ensuring
	that any reflogs created by git-receive-pack contain some identifying
	information of the remote user who performed the push.
[ ] Clone/push by HTTP: cannot send the welcome message.
	Probably, we have to add a patch to git-receive/send-pack.
[ ] Add support for nginx and lighttpd.
	php-fpm comes with files in /etc/nginx! So can we!
[ ] At least for http we do not check if host does not match and warn user
	to change it.
[ ] Get rid of xinetd and run remote.php as a service. With a .service file. Done.
	The same for all other cron scripts (except cron.php)!
[ ] unit test for apikeys
[ ] advertise on git mailing list.
[ ] git-receive-pack: check certificate stuff!
[ ] We may want to use fastcgi_finish_request to continue doing stuff in
	background.
[ ] demo: list pages (and titles) in a text file to not have it hardcoded!
[ ] demo: small tutorial on how to contribute to a project on rocketgit
[ ] demo: ci1: I did not explain how it works regarding workers/libvirt/etc.
[ ] https://libreboot.org/git/#githosting; also why you should not use
	github/gitlab. We should link to this in a section: "Why we need
	another git hosting solution?"
[ ] build: Instruct user to add qemu-guest-agent package?
[ ] demo: contributing to a project - how easy it is.
[ ] We have no event for tag push!
[ ] Notify user if a repo is created and nothing is pushed.
	Maybe SSH is a barrier?
[ ] wh: add a rsync plugin, with user and pass.
[ ] build: Document how to start builder.sh (from cron or let it read the conf
	file). Or, never install worker.conf and let an admin to rename
	worker.conf.sample into worker.conf
[ ] build: for admin, we can access "Workers" two ways:
	- Settings -> Workers
	- Admin -> Workers
[ ] worker: allow a custom virsh command (to be able to connect to other host)
[ ] git diff does not execute arbitrary commands from .gitattributes?!
	--no-ext-diff, --no-textconv
[ ] When we build for multiple architectures, we may reuse the initial image...
[ ] build: when we should fallback to global workers? Maybe the user
	does not want to use the global ones!
[ ] build: try to rebuild the master image with all the packages a user needs,
	so, the start-up cost will be smaller.
[ ] build: we must add an event when a job is done.
[ ] build: What if I tunnel everything using SSH?
	Take care to not allow a worker to fetch any repo. The server must
	provide a key that will allow only a repo/head to be cloned.
	Probably the best way is to use the socket for notifications and
	use the API to get the job and post the job.
[ ] debian: deal with config files (do not overwrite them)
[ ] build: Ask softiron to donate an "Overdrive 1000" for builds on 64bit ARM.
[ ] build: document colors (/color=fff)
[ ] build: provide real link to the repo for cloning.
	Done, but if ssh is disabled, allow https!
[ ] build: we must be able to specify a color for labels.
[ ] build: when listing workers, add some info about what they are doing?
	Pay attention to security issues: we do not want to list private repos!
[ ] build: allow meta rocketgit tags in commit message to trigger some hooks.
[ ] build: warn user about the unprotected channel with the master process.
[ ] build: add a "Download" button for worker configuration.
[ ] build: if a worker loses connectivity, at reconnect it may send DON jobs
	to the server. But in the meantime the server may have already
	redistributed the job to another worker. Just ignore the DON.
	But, a worker must ask the server if the job is still needed before
	starting to work.
[ ] build: what happens if worker process crashes? We lose all state (pids,
	virtual machines etc.). We must save this info to be able to recover!
[ ] build: do load testing (Cosmin R)
[ ] We may want to cut the network access for user 'build' inside the worker.
[ ] Register with freecode.club
[ ] build: allow user to install some dependencies (done).
	Or maybe try to detect from the spec file?
[ ] wh: we do not have the time of last run! Where?
[ ] build: allow adding environment variables for a job.
[ ] Somehow, warn the user that no environments are available and instruct
	her/him to add workers.
[ ] css: 'mess' class has a 5px top margin. it is not ok (check edit webhook).
[ ] Filter environment (allow only a-zA-Z0-9_.). Why?
[ ] Join builders.inc.php and workers.inc.php?
[ ] build: builder.php: we should wait for a notification instead of polling
	the database.
[ ] build: enforce a max build time.
[ ] build: show user the status of the workers. Also, how much time they
	were used and what builds they did.
[ ] build: find a way to reuse machines, so we avoid the startup cost.
[ ] build: avoid starting a lot of services. We do not need them!
[ ] Some daemon to synchronize two instances (master standby or just
	load balancing)?
[ ] build: Use 'type' field!
[ ] build: 'key' is still used?
	I think yes. It will be presented when a user validates the worker.
[ ] build: Reload worker config somehow.
[ ] log2listing: seems I do not add labels per commit but only at the end!
[ ] The verification of user-provided CSRF crumbs with the expected value did
	not use a constant-time comparison algorithm, potentially allowing
	attackers to use statistical methods to determine valid CSRF crumbs
	using brute-force methods.
[ ] clone seems to be done by git and not by ssh!
[ ] About SSH/API keys and rights: there is some interference between these
	and granting rights. Seems, as we grant users some rights, we also
	grant API keys some rights. Maybe add the key in rights?!
	Which rights?! It is not clear how should I link the api key
	with a right. What sense makes the 'user' field next to the api key?!
	And how do I show the api key? As the short name or as the id?
	OK, but this makes sense only for repos! What about users, webhooks
	etc.? Maybe repo 'rights' makes sense from cloning.
	API makes sense for API manipulation. What about cloning using an
	APIKEY?
	So, the API key is just another authentication method.
	This means that the 'rights' tabs should be moved in settings?!
	Probably no. But we will need also rights in Settings to control
	!repo stuff.
[ ] More unit testing for API keys.
[ ] Probably, also ssh keys must have some actions allowed attached to them.
	How it will work?! By default, all rights.
	Use case: allow a key only to push on some repos (regex)
	Use case: allow a key to only access repo APIs.
[ ] Scan SSH/API keys and notify user when they were used too long ago, and ask
	the user to remove them?
[ ] From time to time, regenerate the passwords with other salt to protect
	against stolen db and brute force attacks.
[ ] Respect .gitattributes file
[ ] Get rid of "Please login first"! Just show the login form!
[ ] Sometimes we send cosmetic data to cache! Not good! At least in totp.inc.php!
[ ] LIST_LOADED/LOADED etc. is not used: at least on totp.inc.php!
[ ] A difference between paid accounts and free ones: how much time we keep the
	logs.
[ ] Add an API layer to be able to use other git hosting scripts to connect to me
[ ] Sign some contract with Nitrokey.com to provide keys to the users.
[ ] Destroy storage for 'build' machines
[ ] Add a new right: "allow pushes only if they are signed".
	As with ssh keys, a user may want to add public gpg keys to a list
	that is allowed to push. Take care: you can sign tags but also
	commits.
[ ] Slack: push also the commit message.
[ ] sql: use somehow the rg_sql_conn[]['app']
	Keep in mind that some postgresql version (8) does not support
	application_name= connection parameter.
	But, we may use: set application_name = 'newappname';
[ ] low: build: auto install dependencies based on .spec/debian files.
[ ] Show labels also in the commits list?
[ ] wh: Add "Change labels" action for a hook.
[ ] build: Run a build client on Amazon?
[ ] wh: last_output: add repo/branch/etc.!
[ ] build: allow admin to set the environments?
[ ] wh: add labels to repo that will be passed to web hooks, and reflected in
	##...## tags.
[ ] sec: is it safe to store serialized stuff in db?
[ ] curl: remove return headers because we also trace the execution and
	doubles the last output.
[ ] wh: have_events -> list of supported events
[ ] unit test: lambda - not clear for what events
[ ] build: user must be able to add custom hooks to builds
[ ] build: add some tags for label_ok/nok: #date#, #time#, #elapse#
	##worker_name## etc.
[ ] build: add build time to be sent to builder.php
[ ] build hook: provide a way to export an archive (provide a list of files)
[ ] build hook: inside virtual machine, switch to a non-privileged user.
[ ] ci: check codeship.io, circleci
[ ] Not clear how to make an event to depend on a preceding one.
	Also, how to execute next hook when one finished?
	Should I do ci in parallel?
[ ] Add a 'build' hook:
	Support docker/lxc/kvm.
	We must fork to not block events processing. But we should not
	spawn too many builders. I do not have support for postponing an event.
	Probably we should add the job in a queue. The queue is run by root.
	Result will be put in a status file.
	How should we prepare the job? We need the URL to clone (optimize this)
	and a command to be run inside. Also we need an image to be used to
	do the build.
	--net=none/bridge
	--user - check
	--ulimit
	chcon -Rt svirt_sandbox_file_t /path/that/will/exported/as/volume

	I must find a way to allow the cloning for private repos (a key?).
	Or a side channel to transfer the files.
	What command should I use to do the cloning?
	I think the best way is to clone - and to allow the cloning
	done by builders. Mark some users as builders and allow access
	automatically? How should I give the rights? Maybe the function that
	loads the rights to automatically add Fetch rights if user is marked
	as 'builder'?

	We need to specify the architecture.

	Sometime we may use kvm - but we must prepare a nice build machine
	with a lot of build tools - no problem! Ask for dependencies?
	Look for a .spec file (for Fedora)?
	I must switch to a user to do the build. Maybe using a sandbox?
	How can we list the images available?
		We may define them in admin section!
		Including base image.
	Have different queue for different types of build scripts (docker, libvirt)
	In 'admin' section, add a key to be able to connect to the build daemon
	and retrieve a job. So, we need to have a tool that connects
	to the daemon, get a job file, process it and post back the results.
	After a job is enqueued should we continue with hook executions?
	Should we add the notion of dependencies between jobs?
	== job is done here ==
	Now, how to process the job? Especially on another machine.
	Maybe set the script also by admin and that script will finish the job?
	And doing some authentication?
	============
		[for arm: --virt-type qemu]
	======
	Parameters in announce: max memory, max cpus, 
	I can keep the virtual machine always 'on'. Maybe revert to previous
		snapshots?
	Disable network?!
[ ] pr: add private pull requests?
[ ] Truncate hook output, but keep the last part.
[ ] Add a 'label' hook.
	When another hook adds a label (for example the 'build' hook),
	trigger this hook to execute something (for example, code deploy).
	Maybe order the hooks and add a filter by label; for example:
	1. Trigger a 'build' hook => build=<status>
	2. Do code deploy if build=ok and on tag X
[ ] Recheck token generation: I suspect I do not regenerate it on a page reload.
[ ] Show how to limit the length of the file names in a commit.
[ ] wh: filter by year/month/day/hour/minute/dow.
[ ] Protect emails from commits?!
[ ] /user/catalinux/test1/source/tree/blob/"xx/"yy" on rocketgit.com
	generates errors. Something regarding ls-tree that outputs nothing.
	This is another problem. If is empty, we should not enter foreach!
[ ] mr: when pushing, also show the link to the mr?
	We do not have it because we add an event.
[ ] mr: After merging, should we delete the namespace?
	Do we need the namespace anymore?
[ ] repo stats must not be generated in web. It may take a lot of time.
	We must do them incrementally, from cron, and only max N commits
	per repo in one run.
[ ] Seems that after I create a repo and pushed something anonymous, some files
	were not readable by others. :(
[ ] mr: where is the uid of the user that did the push?!
	Is the anon push by a user supported?!
	added merge_requests.who (default 0)
[ ] LOW: wh: seems after I am doing an update, the ordering is not respected.
	Order it after loading from cache.
[ ] LOW: wh: should we have a 'last_exec_time' field?
[ ] LOW: do we clean temporary files automatically?
[ ] LOW: when pushing, in history add a link to the pull request (if anon).
[ ] LOW: commit on web: enforce subject (50 chars), do wrap (72),
	enforce signoffs or other headers. Add a marker to force no wrap.
	A pull must have name, e-mail, why, shortlog, diffstat.
[ ] LOW: mr: notify the owner of the pull request (if not anonymous)?
[ ] LOW: when destroying a repo, destroy the cache by path (git caches by path)
[ ] LOW: /usr/share/rocketgit/root/themes/default//usr/share/rocketgit/root/themes/default/hints/list/header.html
[ ] LOW: mr: get rid of namespaces? overlayfs?
[ ] LOW: mr: add possibility to reject a pull request.
[ ] LOW: mr: add the right to reject pull requests.
[ ] LOW: mr: allow adding comments for pull requests.
[ ] LOW: mr: Add after "Against ref" the sha/subject of the commit.
[ ] LOW: mr: allow the anonymous users to delete a pull request by providing
	a link.
[ ] LOW: mr: allow the owner to remove a pull request.
[ ] LOW: mr: Use rg_git_request_pull to generate a pull request from an own repo.
	Example: git request-pull master~4 git://localhost/user/catab/testpull
	We must present a list of commits, so the user can choose 'start' and
	'end'.
[ ] LOW: do not make the e-mail mandatory.
[ ] LOW: mr: add PGP signature in the pull request.
[ ] LOW: mr: "git diff ...otherbranch" - should I also use this to show
	what a merge will do? This is different from git log old..new
	when branch tip was updated.
[ ] LOW: optimization for merge_base: if 'against' == HEAD, just return 'against'
[ ] LOW: signal when a pull request from rocketgit was fetched?
[ ] LOW: pull requests: subject and body must be in another div.
[ ] LOW: rebase: add rebase on a branch (test for conflicts first).
[ ] LOW: mr: add another type of merge: merge a branch into another.
[ ] LOW: mr: add to history when a merge is done.
[ ] MED: mr: a push/merge must destroy the cache git::sha1($repo_path)
[ ] LOW: mr: add caching for mergeability status.
[ ] LOW: "mode:" must be also shown nice
[ ] LOW: mr: commits must be isolated in div islands with some background
[ ] LOW: mr: maybe files should be listed on the right of the commit info?
[ ] LOW: mr: Commits must be indented somehow.
[ ] LOW: mr: between diff and "Commit xxx" there is no space!
[ ] LOW: In log/line.html, subject should also be a link to the commit
[ ] LOW: mr: allow user to resolve conflicts online?
[ ] LOW: mr: error messages must still show the merge information.
[ ] mr: what if a user pushes against a tag instead of a branch?!
	rg_git_short will not work correctly!
[ ] mr: test if a merge was already merged.
[ ] Do we call rg_git_reference when a push takes place?
[ ] Add rewind/rebase rights?
[ ] for any tree sha, add a link to show the tree.
[ ] mr: add possibility to reject a pull request (and move it to the inactive
	queue).
[ ] mr: when a push is taking place, all mrs must invalidate merge_cleanly flag
	but only if are affected by the branch!
	Also, revalidate if the merge is ok and if not, maybe notify the owner
	to give her/him the chance to redo it? Maybe sent her/him an access
	code to be able to close it?
[ ] notes: Error: Unknown refname type provided [refs/notes/commits]
[ ] notes: Right to allow notes pushing?
[ ] repo: delete 'mr's when deleting a repo.
[ ] bug: allow deleting
[ ] final-form: add a flag to the repo that is not maintained anymore.
[ ] Scellow: dark theme (https://userstyles.org/styles/37035/github-dark)
[ ] Add some hints on how to recover the password for admin user!
	Make the script to allow to change pass for any user?
	Think about multiple admins.
[ ] Instead of "Please login first", just show the login form?
[ ] Allow git archive --remote git://rocketgit.com/user/catalinux/cpublaster -o cpublaster.tar.gz
	to work. Now it shows:
	Unknown command [git-upload-archive /user/catalinux/cpublaster]
[ ] docker/vm: Investigate alpine as base os.
[ ] Based on extension, show as text, image or just binary. If it is big,
	just refuse to show it.
[ ] history: when a branch is pushed, link to the difference between the two.
[ ] wh:http: add a tag (##...##) with the first commit text?
[ ] Show more info about ssh keys: type/bits/etc. Bits done.
[ ] Think about attaching a webhook to a foreign repo.
	Think about getting Slack notifications for pushes in another repo,
	not owned by you.
[ ] inject a variable length dummy field in login form. Maybe other sensitive
	areas where the length can be used to detect a password length.
[ ] ssh keys should not be in the same namespace as user. keep them separate
	because are not so used.
[ ] repo stats: number of bytes in all files (maybe grouped by extension?)
[ ] http://www.zdnet.com/article/github-developers-express-anger-at-lack-of-support-bug-fix-issues/
	- custom fields for issues (with enforcing)
	- voting not "like"
[ ] Prepare rocketgit to run on:
	http://linuxgizmos.com/15-dollar-sbc-features-quad-core-64-bit-allwinner-a4-pi-expansion/
[ ] wh: 2 members in a team, both must push to S3 - it is possible
	with only one hook? If the other user can push, why not let her/him
	execute the hook? The problem is that I have no link between the repo
	and hooks. Maybe go to the repo and link the hooks? what about
	'repo create' hook trigger?
[ ] wh: Add a link to a "movie" explaining how with one hook you can cover both
	production and evaluation deployments.
[ ] wh: notify user when a hook fails.
[ ] wh: trigger on assigning a tag? For example, trigger on
	adding a tag (regex match) to a ref (regex match).
	I do have two matches here!
[ ] wh: what about a user that has access to push in a branch,
	but is not the owner of a hook. Should I run it?
	Should I flag a webhook as 'global'?
	Should I add a field to specify the user or '*'?
[ ] wh: we should deploy also if a pull request is accepted.
[ ] wh: when editing, some data may be secret...
[ ] wh: add a hint about 'opaque'.
[ ] docker: add a link to rocketgit.com in description + better description
[ ] Add a unit test for repo creation. Didn't have one? Hm.
[ ] notes: I have a little space below the picture because a <img> inside <a>!
	How to get rid of it?
[ ] When rejecting a push because of rights, show also what rule matched.
	Maybe also why? For example: ip is not in range?
[ ] Discover: I must not say
	"No repositories found. Go to My repositories / Create to add one."
	It is about the others' repos.
[ ] Why we do not connect to local named socket for postgres?!
	Changed, let's see what breaks.
[ ] Comment out "DEBUG list:" line.
[ ] Somehow, test if we use rg_xss_safe if a 'HTML:' var is set.
[ ] ssh: not documented in hints
[ ] I do not have rights to del_undel bugs, but I am still getting the
	token (token_get). Not good.
[ ] Plan for webhooks:
	If we do 'include', take care of type to be only a-bA-B0-9_!
[ ] Do not show 'webhooks' menu if the login user has no rights.
	This is for when we will allow webhooks per repo. If.
[ ] Add labels for users and for repos/comments/etc.? [Also] private ones?
[ ] last events: gravatar
[ ] last events: 2015-12-27 09:42 	n/a 	Reference refs/heads/master created (290e4f7a70640d79836b3298c47b913484da24de)
	Why we do not have the user?! Ah, because is anonymous.
	Should we just say so?
[ ] rights: store '*' as equivalent for "all rights". Else, when we will add
	more rights, they will not be automatically added to the list.
[ ] "Please login first"/"Login form" are now justified.
[ ] Use rg_repo_has_rights.
[ ] Do we stop event processing when we change the structure?
[ ] wh: add 'listen tcp socket', 'connecting tcp/udp socket', 'ssh', 'mail'
	hooks.
[ ] git: do not try to show binary files.
[ ] css: 'source'/'bug_body'/'notes'/'mess' was with display: table
[ ] css: decide about island_row if we do not switch to flex
[ ] Adapt HTML title based on content
[ ] When showing a commit, add the subject, the body, who committed, gravatar,
	itime, treeish, last tag/branch etc.
[ ] readme and vm: add --data-checksums to initdb! Seems the performance hit
	is not too big.
[ ] rights: split into "List" and "Grant".
	When editing, should I show the list? Put the edit form above list.
[ ] path rights: allow add/delete filenames? Maybe also 'rename' right?
	Maybe split "Push" into: "Add files", "Delete files", "Change files"
[ ] link gravatar with user homepage
[ ] add "link" text to the comments, so users can link to comments. and not only.
[ ] db: we may want to run CLUSTER on some tables.
	rights table: type, obj_id, prio, itime
[ ] db: event.php to have more rights on users tables than web access.
	Maybe I can add INSERT/UPDATE on 'users' to web for email column.
	Maybe use views to separate the rights.
[ ] ci: add coccinelle into the mix (next to cppcheck)
	http://thread.gmane.org/gmane.linux.network/390690
[ ] and another very useful thing would be to be able to access the raw file,
	without line numbers, to be able to copy several lines at once (Gabi B)
	This plus "Download".
[ ] another suggestion would be that, when I am already on a file, I can access
	its history (Gabi)
[ ] tree: I have no "UP" folder or the list of dirs with links behind.
[ ] rights: if a user has 'admin/give_rights' rights, allow push?
[ ] wh: add prios - we may want to have a hook for storing in s3 and a hook for
	deployment. Hm.
[ ] wh: tweets for pushes?
[ ] amazon: CodeDeploy a very nice presentation:
	https://confluence.atlassian.com/bamboo/using-the-aws-codedeploy-task-750396059.html
[ ] amazon: allow deploy to multiple regions
[ ] amazon: it is clear that I have to use a role and a custom bucket
	Still investigating how to trigger a CodeDeploy task that will fetch
	from repo and do the deploy. Not sure if it is possible.
[ ] 2fa: m.google.com/authenticator - also for BlackBerry/iPhone/iPad
[ ] When editing rights, it is not clear that we are in edit mode!
[ ] Markdown (Gabi B)
[ ] Editing bugs does not seem to work
	Search for "2015-12-15 08:59:57.328 3a0126"
	repo ladacubasme.html - repo_id = 19
	user DiAngelo - uid 16 - the logged-in user
	08:59:57.328 3a0126 rg_rights_get: obj_id=19 type=repo owner=16 uid=16 right_id=7
[ ] when I reject because there are no rights, I should explain what is missing.
[ ] clarify rg_base, some users may want to change it, but is not ok.
[ ] README: for manual install: useradd -G rocketgit rocketgit,
	./configure, make, make install, also check rpm spec file.
[ ] README assumes that rocketgit is already installed as package.
[ ] user metadata: description? homepage? picture?
[ ] gravatar: tell user to register!
[ ] get rid of beteen.html (because of css)
[ ] make sure where we use gmdate to add ' UTC'
[ ] rights: "Add bug" should be inserted with prio 30001,
	so user can forbid adding bugs?
[ ] bug: allow private bugs (think about security reports)
[ ] 'creation' => 'itime_nice'
[ ] When a push is done, schedule a disk size rebuild.
	And remove this operation from cron.
[ ] css: add 'position: fixed' to header (still have problems with
	'display: table-row' for header, body, footer)
[ ] about CI: https://opensource.com/business/15/12/git-docker-continuous-integration-tex-documents
[ ] Integrate with https://semaphoreci.com/
[ ] Take a look at cgit interface: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=123d0ba9b8c92ce00d2a0b2f98c5f329353e70d1
[ ] Configure, first time, if we auto insert a "anon push" rule.
[ ] lock: web: show when a repo is locked
[ ] repo lock by ssh?
[ ] wh: Maybe separate push/create repo/create branch, to be able to have
	custom filtering. For example, a regex for pushed refs, or a regex
	for repo name, or a regex for branch name.
	Seems we have a regex for all...
[ ] watch: really do something with the users watching a user.
	when target created a repo, for example.
	Also when target user is watching something else? Interesting!
[ ] watch: add unit test for user watch
[ ] watch: 'repo': url is not correct! Always redirects to "last events".
[ ] "Clone this repository using ssh (do not forget to upload a key first)"
	Do a link to upload a key.
[ ] Important to state boldly: "You do not have to have an account
	to contribute to a project!"
[ ] Code Deployment for Amazon (Dani).
[ ] Investigate unlogged PostgreSQL tables and hstore. To replace the custom
	cache. (http://bonesmoses.org/2015/12/04/pg-phriday-displaced-durability/)
[ ] Some people may be behind a firewall and webhooks will not work correctly.
	Add another type: socket, but in listen mode, and provide notifications
	on that socket. Socket will remain opened as long as needed. Cool!
[ ] watch: pay attention to not send updates about private repos!
[ ] Tell the user how s/he can get an avatar.
[ ] watch: when a user is watching a user, what notifications should receive?
	Create repo. Else?
[ ] watch: when a user is watching a repo, it already watches bugs?
	Should s/he?
[ ] wh: last_output pollutes too much 'user::' namespace. => too many data
	loaded => bigger latency. And last_output is not very important
	everywhere.
	Maybe move whole wh outside of 'user' namespace? It is accessed seldom.
[ ] If user is not logged in, do not show "Edit", "Close" or "Delete" buttons.
[ ] Cache how many users watch a repo.
	We should have a cron that recomputes the numbers?
[ ] wh: at push time the triggers are not called!
[ ] Auto subscribe users to blog, but allow them to unsubscribe from e-mail.
[ ] Do a small tutorial on how you can create themes (Gabi).
[ ] rate another repo (Gabi)
[ ] suggestions: at least notify by e-mail.
[ ] For pull requests by anon push, add a button to send an e-mail with an
	authorization code to be able to destroy/edit pr.
	The e-mail can be taken from commits.
	Maybe we should reject pr with wrong e-mail addresses?
[ ] For public repos, we should activate by default anonymous push
	and teach user how to disable it.
[ ] When a php script exits, check that every db res was freed!
	I found one case in keys.inc.php!
[ ] Keep in history also the fetches? Too much data?
[ ] When showing files, show total number of lines, size in bytes, type,
	button for download, history, blame, printable, history.
[ ] https://rocketgit.com/user/user/repo/source/log
	We may want to transform the author into a link to rocketgit user page.
[ ] Binary files show wrong on "Tree" menu.
	Example: https://rocketgit.com/user/catalinux/rocketgit/source/tree/blob/root/favicon.ico
[ ] Landing page: I would put the access to the sign-up routine higher up, in
	a place of honor, and the explanations lower, for those who do not
	yet know about the site and what it does (Paul).
[ ] Pricing: I would make the paid support box a slightly different color
	than the free ones, which should be more visible. (Paul)
[ ] Link to a resource to learn more about Git (Paul)
	https://git-scm.com/book/en/v2/Getting-Started-Git-Basics
[ ] And also say that you appreciate the help given for translating the site
	into other languages (Paul).
[ ] Lightest: by light I understand something softer, a bit easygoing and
	not very deep; I would use 'highly professional, yet
	super-lightweight' (Paul)
[ ] I WOULD KEEP THE GLOBAL MENU BAR ALWAYS VISIBLE, AT THE TOP (Paul)
	I hope it will work only with css, else I will not do it.
[ ] The tones are very close to each other and it is hard to follow and
	downright hard to read (Paul).
[ ] Redo favicon.ico with 3 layers, 16x16, 32x32, 48x48 (Paul).
[ ] Add possibility to change the time reporting (selecting a timezone) (Paul)
[ ] When repo changes, seems we do not send by email what changed.
[ ] What is "Non fast-forwards" - document in hints.
[ ] ip: comma/space: not ENTER?
[ ] admin: button to pause events processing. and a reason?
[ ] pr: Add 'reviewers' to a pull request.
[ ] Add a second part, documenting php-fpm.
[ ] Paul: Notify all users (watchers and maybe the ones that had access)
	that a repo was deleted.
[ ] Paul: Add (per project) an "invite" form. The user receiving the e-mail
	will be able to follow the repo link and "create account" link?
[ ] Paul: Allow users to ask for access on a repo?
[ ] Paul: submenus are the same color => they do not seem to stack.
[ ] Paul: More detailed description for repo rights.
[ ] Add phone number for security reasons (if user lost 2fa device etc.)
[ ] Clicking "Discovery" and no repo is present should not invite the user
	to create one...
[ ] Obsolete 'suggestions' and replace them with a link to the bug tracker.
[ ] wh: operation ('event') is not present in the post request!
[ ] Alert admin on any problems (for example if authorized_keys is not
	updated)?
[ ] An attacker can use a webhook (same url) and same repo name
	and, because of ssl caching, will be able to post the notification
	to the victim's server. In C I will be able to use
	CURLOPT_SSL_SESSIONID_CACHE = 0.
[ ] events: add more "threads", so one webhook (for example)
	will not block all requests. Use a pool with a configurable
	number of workers.
[ ] pr: Allow to add a pr even if the repo is not hosted on rocketgit.
	For example, somebody can create a pull request specifying
	an external url and src/dst branch!
[ ] pr: if a ref is a tag/branch, show them nice.
[ ] hint: add a custom hint when one pull request is loaded.
	Custom = exactly the instructions to pull that request.
[ ] unit test: check if the log is correctly generated after a push.
	I suspect some rights problems.
[ ] pr: I should add also the user who made the pull request
	or anonymous.
[ ] After some releases, remove any trace of q_merge_requests!
[ ] pr: seems now I go through /var/lib/rocketgit/q_merge_requests
	We should use events! And then get rid of this dir.
	What happens now?
	Seems I need to replace rg_mr_queue_add with rg_mr_create.
	Cron loads merge requests from files and calls mr_queue_add.
[ ] Add avatars for bugs.
[ ] Allow an admin to run extra hooks by adding _them_ into
	/var/lib/rocketgit/extra_hooks/{update,post-receive,...}/ folder.
[ ] check 'man git-receive-pack' for gpg (about signed pushes).
[ ] I still have to investigate if I can send git meta messages.
	Not in hooks, but at start. I want to send the welcome message.
[ ] After pushing using anon-push feature, give to the user a link to be able
	to add a proper subject/body. Else, use the first commit for this.
	Or, join all commits messages. I think is better.
[ ] For repo-refs rights, what happens if reference is empty?
	Add a text to tell that it means everything.
	Seems is ok to be empty = allow push - but, check!
[ ] Allow users to hide avatars in config.
[ ] Add a protection against compression vulnerability.
	An attacker will make the victim's browser do a lot of requests
	trying to guess CSRF tokens inside the HTTP body.
	We should rate limit the requests or somehow change the CSRF token
	with every request. It is enough to use a XOR mask over the token,
	prepended to the token.
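
One way to implement the XOR mask described above, together with the constant-time comparison from the CSRF crumbs item earlier in this list. This is an added PHP example, not RocketGit code; the example_csrf_* function names are hypothetical and the sample token is constructed.

```php
<?php
// Added example, not RocketGit code. Function names are hypothetical.

// Mask a CSRF token for embedding in one response:
// output = hex(pad) . hex(pad XOR token), with a fresh random pad each
// time, so the bytes seen in the compressed body differ on every request.
function example_csrf_mask(string $token): string
{
	$pad = random_bytes(strlen($token));
	return bin2hex($pad) . bin2hex($pad ^ $token);
}

// Recover the token from a submitted value; returns null if malformed.
function example_csrf_unmask(string $submitted): ?string
{
	$len = strlen($submitted);
	// Two equal halves of hex-encoded bytes => length is a multiple of 4.
	if ($len === 0 || $len % 4 !== 0 || !ctype_xdigit($submitted))
		return null;

	$raw = hex2bin($submitted);
	$half = intdiv(strlen($raw), 2);
	// PHP XORs two strings byte by byte.
	return substr($raw, 0, $half) ^ substr($raw, $half);
}

// Check a submitted value against the token stored in the session.
// hash_equals() compares in constant time, so the response time does not
// reveal how many leading bytes of a guess were correct.
function example_csrf_verify(string $expected, string $submitted): bool
{
	$token = example_csrf_unmask($submitted);
	if ($token === null)
		return false;
	return hash_equals($expected, $token);
}

// Constructed sample run.
$session_token = bin2hex(random_bytes(16)); // kept server side
$a = example_csrf_mask($session_token);     // value for page load 1
$b = example_csrf_mask($session_token);     // value for page load 2

var_dump($a !== $b);                                  // same token, different bytes
var_dump(example_csrf_verify($session_token, $a));    // value from load 1
var_dump(example_csrf_verify($session_token, $b));    // value from load 2
var_dump(example_csrf_verify($session_token,
	str_repeat('0', strlen($a))));                    // forged value
var_dump(example_csrf_verify($session_token, 'zz'));  // malformed value
```

The token stored in the session does not change, so forms opened in several tabs keep working; only its representation in each response body changes.
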
[ ] Pull request: I must be able to do the merge from web interface.
	After adding a pull request, and if the src is a fork, we bring
	the commits into the destination repo to be able to test if the
	merge will be ok or not.
	I should inform the user that the merge is ok or not.
	What to do if it is not? Should I notify the owner that the merge
	is not working anymore and put it in a state that is hidden from the
	merge requests that are working?
	Now I think I accept merge requests only by anonymous pushes.
	But I should allow them also from web, at a user request.
	Still have to check how others are doing it.
	Also, we should have the possibility to close the merge request
	(for example when is not needed anymore because a fix was already
	merged); maybe reject with a comment.
	Default, merge with --no-ff, but allow the merge without it.
	Decide if the pull namespace is read only or not.
	GitHub has the following namespace:
		git fetch origin pull/ID/head:BRANCHNAME
	How do I create a pull request?
		- Select the branch from where you want to do the pull request.
			- Where a contributor is allowed to push?
		- Select the target branch.
		- Select "Review" - optional
			- If selected, show the diff
		- Add a commit message
		- Notify committers?
	Where should the "Pull requests" menu be?
	Show some info about the merge request: authors, files, diffstat etc.
	4 pieces of information: src/dst repo/branch.
	Developers can push in their branch, for example: refs/{USER}/
	and can make a pull request from there.
	Add possibility to notify more people that a pull request was created.
	A user must be able to push other commits next to the ones present
	in the pull request.
	Somehow, close a pull request if a user is pushing the changes.
	Also, close even if a rebase was done. It may be hard.
	rstacruz:
		[alias]
		pr  = "!f() { git fetch -fu ${2:-origin} refs/pull/$1/head:pr/$1 && git checkout pr/$1; }; f"
[ ] Need to add comments for pull requests. Find a way to propagate them in the
	git repo?
[ ] Because I show the pull request id, somebody can change the commits.
	Somehow, it should be locked?
[ ] Add "Pull request" and allow a user to do it from a branch or a fork.
[ ] When a push is taking place, add the repo into a new table to:
	- recalculate disk space
	- redo the stats
[ ] Look into making a open source project like travis-ci.org.
	Seems it is GitHub locked (you need a GitHub account)!
[ ] Add a prefetched daemon. Example: When user logins, prefetch repo info
	to be warm in cache. The user for sure will access the repos.
	Maybe set a permanent cookie to encode the uid and when a user visits
	login page, prefetch the user info! Cool. Maybe other stuff.
[ ] webhooks: still to add for: Pushes, tags, comment, bug creation,
	pull requests. Does not make sense to encode a lot of info in
	response because a bot can check by itself by fetching.
[ ] Why I cannot push to r1?
[ ] For events, very probably I have to disable the cache.
	Scenario: adding a webhook1, add a repo1, add a webhook2,
	add a repo2. webhook2 will not trigger on repo2 creating because
	only webhook1 is in cache! Very bad!
	More exactly, disable core cache?
[ ] Add notifications for hook add?
	For the user creating the hook is not absolutely necessary.
	Maybe from a security point of view? But the rest of admins
	may want to know. I think I will drop this for now.
[ ] Send an e-mail if webhook fails? Flag when configuring webhook?
	Store the last curl log in 'wh' table?
[ ] Clean 'tmp' folder.
[ ] Document webhooks, mostly 'PHP serialize' type. But also other things.
[ ] Do not forget that cache.php has its own memory cache!
	I must not update the database and expect it to see good values.
[ ] wh: add also XML, JSON
[ ] wh: add other connection types: websocket, socket (low priority)
[ ] How "Delete selected" button should be aligned?
[ ] Use rg_var_a2s for checkboxes.
[ ] http://www.w3.org/TR/clipboard-apis/
	1. maybe support javascript copy API
	2. The boxes with a border on the left would be nice for hints.
[ ] Evaluate https://www.gnu.org/software/repo-criteria.html
	Also in Compare.txt
[ ] When I am in "My repositories" and I am doing a search, other users'
	repositories are shown.
[ ] In user/home-page.php, in hints section, add a message when the user is
	low on scratch codes. Not hint. Or, notify by e-mail?
[ ] test with "short" (0 prepended) codes in unit testing.
	For scs, done, test for devices? This is a little bit harder.
[ ] totp:ssh: do we need a command to remove a set of scratch codes?
	Something like 'remove-sc [<itime>]'. If <itime> is missing, list the
	sets. The IP must be authorized?
[ ] Apply to become a member of Software Freedom Conservancy?
[ ] totp: add sc for ssh!
	Should I validate one after asking the user to store them safe?
	Think about power down before scratch codes hit the printer.
[ ] Get rid of {{}} stuff.
[ ] Some other menus were added, we must load all this pages in unit tests.
	At least totp/{list,enroll,sc}.
[ ] I inconsistently use /op/repo/create and /user/catab/settings!
	Why not /user/catab/repo/create?
[ ] Git stats are done only on master branch. We must do them per branch.
[ ] Test with an empty commit what happens in rg_git_log with patches == TRUE.
	Can happen? Maybe for a rename?
[ ] Add repo stats to ssh repo command.
[ ] build rg_user_git_stats that will lookup email into stats and resolve them
	to be rg links?
[ ] repo:stats: seems the number of commits is limited somehow!
[ ] repo:stats: do not generate patch, but use '--numstat'.
	I know it was a problem to parse it, in the past, but...
[ ] totp: store last ts used, and do not allow reuse.
	The problem is if both sessions send the same token (the attacker and
	the good user). But the attacker can be the first. In this case,
	the user will be denied access! But, he used the good token also,
	should I invalidate both sessions and send a recover code by e-mail?
	What should I do? We may also just lock the account and let the user
	contact the admin. It is clear that an attacker has access to the
	password and to the token.
	I need to think more.
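Added example for the "store last ts used" item above (not RocketGit code; all ex_* names, the in-memory $store and the demo values are assumptions). It checks an RFC 6238 code and keeps the last accepted time step per user, so the second presenter of the same code gets 'replay' instead of a login, which is also the signal that two parties hold the password and the token:

```php
<?php
// Added example, not RocketGit code. All ex_* names are hypothetical.

/** RFC 4226 HOTP value for a raw key and a counter. */
function ex_hotp(string $key, int $counter, int $digits = 6): string
{
	$mac = hash_hmac('sha1', pack('J', $counter), $key, true);
	$off = ord($mac[19]) & 0x0f;		// dynamic truncation offset
	$bin = unpack('N', substr($mac, $off, 4))[1] & 0x7fffffff;
	return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

/**
 * Checks $token against the time steps around $now.
 * $last_step is the highest step already accepted for this key (0 = none).
 * Returns ['ok' => bool, 'step' => int, 'reason' => string].
 */
function ex_totp_verify(string $key, string $token, int $now,
	int $last_step, int $window = 1, int $period = 30): array
{
	$cur = intdiv($now, $period);
	for ($step = $cur - $window; $step <= $cur + $window; $step++) {
		if (!hash_equals(ex_hotp($key, $step), $token))
			continue;
		// A valid code for a step we already accepted: do not log in.
		// Report it separately from a plain mismatch so it can be logged
		// and acted on (lock, notify), as the TODO item discusses.
		if ($step <= $last_step)
			return ['ok' => false, 'step' => $step, 'reason' => 'replay'];
		return ['ok' => true, 'step' => $step, 'reason' => 'accepted'];
	}
	return ['ok' => false, 'step' => 0, 'reason' => 'mismatch'];
}

/**
 * Login step. $store maps uid => last accepted step; it stands in for a
 * database column. In a real deployment the read and the update must be one
 * atomic operation, otherwise two parallel logins can both pass.
 */
function ex_totp_login(array &$store, int $uid, string $key, string $token, int $now): string
{
	$r = ex_totp_verify($key, $token, $now, $store[$uid] ?? 0);
	if ($r['ok'])
		$store[$uid] = $r['step'];
	return $r['reason'];
}

// Demo with constructed values.
$key = '12345678901234567890';	// constructed key (the RFC 6238 test secret)
$store = [];
$t0 = 59;
$code = ex_hotp($key, intdiv($t0, 30));	// what the authenticator shows at $t0

foreach ([
	['first session', $code, $t0],
	['second session, same code', $code, $t0 + 5],
	['code with an extra digit', $code . '0', $t0 + 6],
	['next code, next step', ex_hotp($key, intdiv($t0 + 30, 30)), $t0 + 30],
] as [$who, $token, $now])
	printf("%-28s %s\n", $who, ex_totp_login($store, 7, $key, $token, $now));
```

The check cannot tell which of the two sessions is the legitimate user; it only guarantees that one code opens at most one session.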
[ ] NO_DELAY for AF_UNIX socket?
[ ] When we copy the tree to prepare the push, copy in a temp folder and do
	a rename to prevent partial trees? I know I give back an error, but ...
[ ] We must clean somehow the namespace dir; think about pushes that fail
	because of network connections. An idea is to use namespaces with a
	static format: rg_user_xxx, so we allow to recover from a push request.
	Is not working for anonymous push. In this case, name it by the sha?
	Or, server reboots in the middle of the push.
[ ] Why first message says that the tag was deleted? Locally?
	=== Testing annotated tag delete without rights (COPYUuMWDS)...
	Deleted tag 'tag2' (was b7fca5f)
	remote: ==========
	remote: RocketGit: refs/tags/tag2
	remote: RocketGit: No rights to delete an annotated tag.
	remote: ==========
	remote: error: hook declined to update refs/tags/tag2
[ ] Restart the cache daemon when an upgrade takes place.
	Done, test.
[ ] Report number of lines of code (and how much a project is worth) and
	number of other type of documents.
[ ] Add some flags for users: "Coming from GitHub", to be able to give
	specific hints.
[ ] totp: warn user that if a token is not validated for 1 month will be deleted?
[ ] totp: allow prefix for IP addresses.
[ ] totp: think about authorizing a push, not the ip (ip may be dynamic).
	Something like, allow the push as pending, but ask for authorization
	to be sent back:
	ssh ... totp val-push <push_id> <token>
	and remove the push from pending.
[ ] "repo was changed" mail: nothing interesting?!
	If nothing changed, do not send the mail.
[ ] The URL to the repo present in mail is rocketgit.com. We may want to use
	the http host name in there.
[ ] bugs: if none present, just go to 'Add' page.
[ ] Seems 'push' is denied for owner!
	Seems I have the key on both 'admin' user and 'catab'!
	Do something about this?
[ ] features: 'Lightest': Add a note describing that is lightest also with
	the browser.
[ ] Document how to deny non ascii filenames using repo_path.
[ ] When a right denies access, also output the description of that right.
	Maybe add a new box for the text to be shown to the user?
[ ] Tell clearly that rg can be used also for books, articles, documentation etc.
[ ] Include uid in namespace path to avoid clashes with other users?
[ ] ssh: show the fingerprint of the used key?
[ ] Detect when a user is cloning a repo and update stats? Seems I cannot do
	this easily because I just call git-shell.
	But, at least the fetch can be recorded in stats.
[ ] Add cache in rg_git_log.
[ ] Unit test for fetching by ssh a public repo regarding TOTP
[ ] history: add 2fa ssh validation.
[ ] Add history for totp enrollment.
[ ] ionut: Check this to not be sent X-PHP-Originating-Script: 0:user.inc.php
[ ] When listing repos on user homepage, we should not add also the user.
	Check rg_repo_list.
[ ] totp for ssh is not finished yet. remember, totp for ssh seems to be only
	for write access. for rg, this may not be true.
	Also for https cloning/pushing. But, for ssh, I cannot provide the
	'password/token', right? Also, for https, I cannot provide the token,
	only user/pass. Maybe appending token to the pass.
[ ] Can I remove the redirect after login (that means another request)?
	Adding a user is pretty light, we should allow the redirect.
[ ] In the report, send also stats about the events, especially the failed ones.
[ ] Document backup procedure.
[ ] "Forgot password": rate limit it!
[ ] Add history for logins/logouts/API.
[ ] Add max_requests per hour for plans and enforce them.
[ ] Protect login by country/ua?
[ ] Improve input forms to be friendly with mobile phones: give html5 hints.
[ ] Main web application must not have access to e-mail column, maybe others.
	Only the queue processor must be able to use it. This is to avoid
	XSS and the stealing of sensitive information.
	Check http://www.postgresql.org/docs/9.4/interactive/sql-grant.html
	web user must not be able to create roles/tables/databases/etc.
	Hm. What about the settings?! I must be able to do a select...
[ ] totp: Build an Android application which will be able to authenticate also
	the server to the user.
[ ] totp: switch to 'password' type for login_token (login page)?
[ ] totp: hints:
	AWS asks for two consecutive codes. why?
	Google also provides a list of backup tokens to be printed.
	"If you want to activate the TOTP extra step, follow the instructions:
		show the qr code or the key, wait for user to enter it
		and if everything is ok, just activate it.
	Instruct user to remove the token if the phone is lost. But, remind
	user that the account may not be compromised without pass.
[ ] totp: think about losing the phone.
[ ] totp: what if I encrypt key with the password and decrypt only at login?
	(If somebody steals the database, will not have the keys).
	Cannot do. We need it also at push by ssh.
[ ] totp: hints for ssh
[ ] totp: Implement 2 factor auth
	(check https://korg.wiki.kernel.org/userdoc/gitolite_2fa). Done!
[ ] Use PAM (man pam_start) to be able to use any type of auth, including LDAP.
[ ] http://www.cybertec.at/shrinking-the-storage-footprint-of-data/
[ ] Allow repo admins/owners to delete notes/bugs/etc.
[ ] Seems that some other unit test is messing with repo.php ids.
	Change ids to be protected from interference.
[ ] Use bintray.com to distribute isos?
[ ] When session expires and I press logout, no message is shown.
[ ] When creating an account, seems the email is used as the username in
	browser cache, not the username!
	Check!
[ ] After login, show the last ip and date of the last login?
[ ] Users should be able to check the plans.
[ ] I should show some plan 'islands' when you create the account
	so the user will know the disk space and bandwidth.
[ ] In a table, if nothing can be deleted, do not show the delete button.
[ ] When giving some users rights to your repo, do not spam them with
	messages. The user must agree to be spammed. Best, no notification
	is ever issued. User may go to project to activate them if s/he wants.
	Better, show some notifications in the top bar?
	Or in a weekly e-mail with the status.
	(see Linus Torvalds post about GitHub)
[ ] Add a cache based on content. For example, if a repo was last changed
	at timestamp t1, add a cache entry 'history''t1' with the content
	to not render it again. Same for 'history''source' and
	'history''logs' etc.
[ ] We should have a daemon which will test the expiration of variables in
	cache and will refresh them. Also, it will receive prefetch
	requests. For example: when a user logs in, we can prefetch the list
	of repos.
[ ] Prefetch of variables from cache
	Take care of non-existing vars in cache.
	First candidate: first_install.
[ ] admin_delete_rights::delete, was not protected against csrf/ua!
	Other places? Use a unit test for this stuff?
[ ] Some rg_cache_unset may trigger an error. Case by case we have to
	analyze the impact. We may want to give an error to the user.
	I am thinking at tokens. Maybe we do not want to mark it as used in
	db if we cannot set it as used in the cache. Else, an attacker may
	reuse the token.
[ ] Run the tests also with cache down (on the server side).
[ ] Show who is watching a bug.
[ ] Mess with session_*() functions to achieve some vars persistence.
[ ] Add some area with citations?
	- I find people who think open-source is anti-capitalism to be kind
	of naive and slightly stupid. (bloomberg.com)
[ ] Build a big repo from all hosted projects!
[ ] Add a link to comments to be able to pass that link to others.
[ ] First page can be cached at least 10 minutes? I think not because of
	logout token. What if the user is not logged in?! Yep, we can do it.
	ETag! What about the cookies?!
	Also, we may want to reuse the logout token?
[ ] Why 'not github' articles, should be integrated somewhere:
	http://www.valdyas.org/fading/index.cgi/2015/05/29#no-github
	http://www.adamhyde.net/why-github-is-bad-for-open-source/
[ ] ssh: Show user the entry that must be added for known_hosts
[ ] Pass only uid to events, we already have it in cache!
[ ] When we push by ssh, we have the user, so we can give more info about
	why the push failed. Careful, not too much info. For example:
	"You have no key uploaded, go to ..."
	No key uploaded is not working. ssh server will ask for pass...
	Should we set a special shell and use an empty pass for rocketgit account?
[ ] Should we just set no password somehow for ssh access to be able to signal
	the user that has no key uploaded?
[ ] For 'log' and 'tree' we have decorations for links!
[ ] In "Tree" section, seems the path is doubled.
[ ] Hint: where in fs you can find the repo. Only for admins?
[ ] Hints should not call rg_template, let next rg_template_table to do it.
	(to avoid double replace).
	Anyway, we already do double replace for hints)
[ ] Saving fields in forms when session expired to be reused next time.
[ ] Compression off for ssh because objects are already compressed?
[ ] Add a random token in HTTP header to prevent watermarking (this is the name?).
[ ] Add "Spread the word!" on website.
[ ] https://www.kernel.org/pub/software/scm/git/docs/gitworkflows.html
[ ] git-name-rev is nice.
[ ] git pack-redundant should be called after git gc? And then prune-packed?
[ ] git-relink for really cloned repos?
[ ] Allow creating tags/branches on web interface.
[ ] Use a separate template for main rocketgit.com site. The other users
	should not see the same pages.
[ ] git-filter-branch is very powerful: offer it to the users!
[ ] word-break: break-all; for the tables with code. This allows wrapping
	anywhere - still needed?!
[ ] Backup for rg2!
[ ] Add uid to events so we can delete old events for tests or abusing users?
[ ] rocketgit.com: When getting another IP, allow ssh on port 443(https)?
[ ] Investigate --decorate/--word-diff for git log.
[ ] client_win.html hint is not used.
[ ] merge.html hint is not used.
[ ] On create repo form if somebody puts a space, the message does not tell
	what chars are invalid/permitted (reported by Ionut).
[ ] Security: Links + XSS (Ionut)
[ ] I am able to disable merge/pull requests? Anon yes, but the other ones?
	Add a new right to do it, by default, allow.
[ ] report1: add disk space
[ ] Compress logs (when we are short in disk space)?
[ ] Add right 'allow bad commit messages'.
[ ] Add a new section in 'Rights' to enforce a regex on the commit message.
[ ] Merge requests are not ok - still using files.
	But, we also insert entries in database!
[ ] Implement 'clone' because is easy. The mrs will be a little bit harder.
[ ] Maybe we should not allow bug creation as anonymous?
	How will the anonymous person edit it? A cookie?
[ ] When a user pushes something, give them some statistics after.
[ ] When a push fails with a non-fastforward error, show who "broke" the flow.
[ ] We should clean anon namespaces if they fail? name them 'something.tmp'
	till after successfully run receive-pack. Or just compare with
	the db?
[ ] When a user successfully logs in, generate a signed token to be used in case
	of brute force attack on his account. With that token he will be able
	to bypass rate limiting. By cookie?
[ ] slogan: it is not rocket science
[ ] nofollow for logout; maybe also in other places
[ ] Check if SSL ciphers are ok
[ ] Seems I autogenerate 'All' rights for any user on the repo.
	Seems the same happens for "Path rights"!
	Solved. The problem remains that I have duplicated full rights. I do not
	know if it is ok or not.
[ ] Binary files - diff?
[ ] ionut: It is not easy to select the clone URL, you have it as a link: e.g.: git://git.rocketgit.com/user/catalinux/rocketgit
	Seems "git://" does not appear in the link.
	My suggestion: either make a textarea, or use a library for
	copy/paste, see an example of how github does it:
	https://github.com/blog/1365-a-more-transparent-clipboard-button or
	http://davidwalsh.name/clipboard
[ ] ionut: You have sections with a fixed size of 700px,
	like: http://rocketgit.com/op/features, if you want you can try to
	use css3, flex-box, you can find some information here:
	http://www.w3schools.com/cssref/css3_pr_flex-flow.asp
[ ] Add an invite form (only for logged-in people - because of spam) that
	will send mail to a friend with all the details.
[ ] Graph with the server load.
[ ] Warn users on the first page for behind-the-firewall installations
	that a new version is available. Maybe also the severity level.
[ ] Add unit test for 'copy to' into git_log1. There is already one but does
	not trigger the detection. Maybe we need a bigger file.
[ ] Make the blob show nicer and remove rg_template_list (replace
	it with rg_template*).
[ ] If there are a lot of tags/branches, remove oldest ones.
[ ] Add a "Stats" menu per repo: at least disk size.
[ ] Accessing a file with '"' inside, is not working.
	See rocketgit.com/user/catalinux/test1/source/tree/blob/"xx\"yy"
[ ] Present bugs as a git repo, so we easily add a new one by push?
[ ] vagrant install?
[ ] If I generated some activity on an object, do not notify myself.
[ ] Show the age of a repo/user/bug/etc. Hm. This will prevent the caching.
[ ] We should update the size of the repos only if is dirty (something pushed).
[ ] Before custom hooks, allow enforcing a custom regex for a commit.
[ ] rg_repo_delete must delete also rights, bugs, notes, bug files
	and watches.
[ ] Expose "git reflog".
[ ] Should I allow state select when adding a bug? Better to consider it open?
[ ] Add regex for label filtering, maybe for other fields?
[ ] Add regex for search?
[ ] When showing diff, for the list of files, make links to chunks inside page.
	Already done?
[ ] php-opcache in docs?
[ ] Drop OUTPUT to prevent some attacks? Document in README?
[ ] Seems I cache not set values: first_install is still "?"!
[ ] authorized_keys is missing from 'state' table. Is normal?
[ ] Replace -=ROCKETGIT=- with a random generated code.
[ ] In the repo creation mail, I leave too much space between "Hello!" and "Repo is".
[ ] Seems I cannot reliably kill cache.php. It becomes a zombie!
[ ] The permissions for /home/rocketgit/.ssh are not correct! They are root!
	Solved with chown. Maybe I want to stop running keys_regen as root.
	Only add the regen event! Why? At start we have no users and the first
	key added will generate a trigger.
	May be other places where I run as root!
[ ] I must mark that init.php script was not run, and do not start daemons!
	Else, timezone nasty messages will appear in the logs and only a
	restart will fix the problem.
[ ] HTTP_X_FORWARDED_FOR variable as this data is effectively user input and
	therefore susceptible to spoofing.
[ ] Try to remove non critical queries from main page loading. Just schedule
	the operations for later (register_shutdown_function?).
[ ] We should not delete the tokens. They will be cleaned hourly?
[ ] Remove all texts from code and move them to templates.
[ ] Storing password in database must apply multiple hashes. Check owasp.
	They recommend SHA-256(private_key, salt + pass). Think more.
[ ] Regenerate salt on every successful login? Or after some pre-defined time?
[ ] Get rid of sessions table and use only hmac!
	We may change the encryption key with an algo.
[ ] Should we skip SELECT/INSERT steps for logout (in token_valid)?
[ ] Persistent connection to database?
[ ] Check cache socket is protected against other users.
[ ] What happens if an attacker sets a cookie on .com, for example.
It will also be sent to rocketgit.com. So, if the user visits the attacker's
site, this cookie is set, which will then be sent to rg.com.
This way, he can control the cookie (the sid), so also the token. I think it is serious.
I think this is what the browser does. I could change the name of the cookie, and
sign it somehow: I go to attack.com and there it sets me a cookie on .com a=b.
Then, I visit good.com, and the cookie a=b is sent to it.
If I tied good.com to a/b, I could eliminate the bad cookies.
[ ] http://nedbatchelder.com/blog/201405/github_monoculture.html
[ ] mchapman (subscriber, #66589) (http://lwn.net/Articles/623905/)
	With a GitHub pull-request-based work-flow I need a GitHub account
	(I've been resisting getting one for myself), I need to make sure I
	explicitly "fork" the repository within GitHub (simply pushing my copy
	of the repo to my account won't make pull requests work, as far as I
	know, because GitHub doesn't know that the original project and my
	project are "linked"), and I need to use the GitHub web interface to
	actually generate the pull request and take part in its review. If all
	of this isn't vendor lock-in, I don't know what is.
	I've got bigger problems with the GitHub pull request work-flow anyway.
	If you generate a pull request, discover that changes need to be made,
	you have two choices: you can create a new pull request, losing all
	comments from the previous one, or you have to add new commits. If
	you drop the to-be-pulled branch from your repository and replace it
	with a different branch with the same name, the pull request loses all
	of its comments.
	No, I find the bigger problems are with pull-request based work-flow
	that GitHub uses -- specifically, how that work-flow interacts with
	code review. If your branch is reviewed and it needs modifications,
	then these modifications *should* be made to the original commits
	(not just tacked on as extra commits), which necessarily means the
	branch will be rebased. GitHub's workflow breaks completely when you
	rebase branches.
[ ] Should we delete previous session when user calls login if the user is
	already logged-in?
[ ] security_violation_no_exit -> security_violation? To not spend resources?
[ ] We should be able to have multiple logins (think desktop and phone).
[ ] Test if cache is faster than postgres. If not, get rid of cache!
[ ] Investigate use of persistent prepared sessions.
[ ] What happens if we cannot generate a form token?!
[ ] Add User-Agent to session?
[ ] Check "Content security policy"
[ ] htmlspecialchars does not escape '/'. It may be dangerous:
	https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
[ ] It would be nice for the sessions to also not be in the database. If I put
the uid and the expiration in them, I could get rid of storing them in the database.
Let's see what I store in the table: uid, expire, session_time, ip.
So, I could store the uid on 4 bytes, expire on 4 bytes, session_time
on 2 bytes, and the ip only as one bit in the flags field.
I could also lock on the user agent if the user wants that.
The ip and the user agent go into the hmac, but are not stored in the cookie.
So, it would be 2 * (4 + 4 + 2 + 1) + random part + sig = 22 + 8 + 10 = 40
But, we have a problem with the expiration time!
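Added example for the stateless session item above (not RocketGit code; the ex_* names, flag values and demo inputs are assumptions). It keeps the 22 + 8 hex character layout from the note, with the IP and user agent entering the HMAC without being stored, but appends a full HMAC-SHA256 tag, a choice of this example, instead of a 10-character signature:

```php
<?php
// Added example, not RocketGit code. All ex_* names are hypothetical.

const EX_F_LOCK_IP = 0x01;	// session is bound to the client IP
const EX_F_LOCK_UA = 0x02;	// session is bound to the User-Agent

/** MAC over the cookie body plus the context the flags ask to lock on. */
function ex_sess_mac(string $key, string $body, int $flags, string $ip, string $ua): string
{
	$c_ip = ($flags & EX_F_LOCK_IP) ? $ip : '';
	$c_ua = ($flags & EX_F_LOCK_UA) ? $ua : '';
	// Length prefixes keep "ip + ua" from being split in two different ways.
	$data = $body . pack('n', strlen($c_ip)) . $c_ip
		. pack('n', strlen($c_ua)) . $c_ua;
	return hash_hmac('sha256', $data, $key);	// 64 hex chars
}

/** Builds the cookie: hex(uid, expire, session_time, flags) + random + MAC. */
function ex_sess_issue(string $key, int $uid, int $expire, int $session_time,
	int $flags, string $ip, string $ua): string
{
	$body = bin2hex(pack('NNnC', $uid, $expire, $session_time, $flags))
		. bin2hex(random_bytes(4));		// 22 + 8 hex chars
	return $body . ex_sess_mac($key, $body, $flags, $ip, $ua);
}

/** Returns the decoded fields, or null if the cookie must be rejected. */
function ex_sess_check(string $key, string $cookie, int $now, string $ip, string $ua): ?array
{
	if (strlen($cookie) !== 22 + 8 + 64 || !ctype_xdigit($cookie))
		return null;
	$body = substr($cookie, 0, 30);
	$f = unpack('Nuid/Nexpire/nsession_time/Cflags', hex2bin(substr($body, 0, 22)));
	// The flags are read before verification only to pick the MAC context;
	// they are part of $body, so changing them invalidates the MAC.
	$good = ex_sess_mac($key, $body, $f['flags'], $ip, $ua);
	if (!hash_equals($good, substr($cookie, 30)))
		return null;
	if ($now >= $f['expire'])
		return null;
	return $f;
}

function ex_show(string $label, ?array $r): void
{
	printf("%-24s %s\n", $label, $r === null ? 'rejected' : 'uid=' . $r['uid']);
}

// Demo with constructed values.
$key = 'constructed-demo-key-not-a-real-secret';
$now = 1700000000;
$ua = 'ExampleBrowser/1.0';
$c = ex_sess_issue($key, 42, $now + 3600, 3600, EX_F_LOCK_IP, '192.0.2.10', $ua);

ex_show('same ip', ex_sess_check($key, $c, $now + 10, '192.0.2.10', $ua));
ex_show('other ip', ex_sess_check($key, $c, $now + 10, '198.51.100.7', $ua));
ex_show('other ua (not locked)', ex_sess_check($key, $c, $now + 10, '192.0.2.10', 'Other/2.0'));
ex_show('uid changed to 43', ex_sess_check($key, '0000002b' . substr($c, 8), $now + 10, '192.0.2.10', $ua));
ex_show('after expire', ex_sess_check($key, $c, $now + 3600, '192.0.2.10', $ua));
```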
[ ] Still, a lot of things from
	https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
	need to be implemented.
[ ] Add "Secure" cookie param when using HTTPS.
[ ] Warning if user has not enabled cookies?
[ ] Seems that Etag is not working for main.css!!! At least.
[ ] bad_token.html must not be in user/
[ ] The merge request name is not so good. Maybe include also the user?
[ ] I do at least two times a request to database for uid 22 in hook_update.log
[ ] git update-ref supports "ref:" to update a ref. Should we?
[ ] Document a little bit how a merge request will show up on a repo.
[ ] Limit recursion for regex matches.
[ ] Delete anonymous push must take uid in consideration. Maybe also other ops.
[ ] Add unit test also for paths.
[ ] cache: we may have data with \x0 embedded. Check.
[ ] Do we use users.rights?!
[ ] Add some versioning mechanism to restart the cache daemon when the protocol
	changes.
[ ] What happens when a user adds a non-existing one letter code for rights?
	I should filter it out.
[ ] Log attempts to inject < and > inside vars. Maybe in rg_var_str?
[ ] We should not call cosmetic in rights hl because we anyway load again the
	list. Seems I do not do it.
[ ] Get rid of 'qstats'.
[ ] Do I test somewhere if a commit is bigger than max_commit_size?
[ ] We must test in HL functions if we have rights, not in rg_user_remove & co.
[ ] The caller of rg_user_make_admin must check rights for administering repo.
[ ] If a project is private and the admin gives "Access repo" to a user,
        that user sees the repo as public. Unit test.
[ ] What right is "Access repo"?! I think is for web. Not clear. Check.
	Seems is used on repo-page.php to give access or not to the repo.
	But I should only check if is public.
	No, because the same test is used also for private repos.
[ ] I have to define what means a 'public' repo: fetch + see bug-tracker?
[ ] In the logs, at username, some appear with '?'. Maybe it is from the cache
	+ the bug in user.inc?
[ ] We should invalidate rights cache when repo goes from public -> private
	and vice versa. This is not so easy. Because the caching is not done by
	repo_id.
	And this is another problem. What about user_id and repo_id clashes?!
	No clashes because we have the type!
	So, when editing the repo and the repo is doing a switch private-repo
	we must do rg_cache_unset("rights_by_obj_id::$repo_id::type
	where type can be "repo", "repo_refs", "repo_path" etc.
[ ] serialize returns a binary string! Not ok to store it like this in db!
	unit test with \0?
[ ] We have big races for cache. But, the same with the database.
[ ] Retest repo rename. Better, add an unit test.
[ ] When changing rights, invalidate/update cache.
[ ] Add unit test for inject functions.
[ ] Description passed in e-mail, may have security implications?
[ ] keywords for search. Really needed?
[ ] check: seems the browser uses 0x0d instead of 0x0a in textareas. unify?
[ ] performance: update session only after the page was flushed to the client!
[ ] ionut: http://blogs.atlassian.com/2014/10/git-summit-2014-video-roundup/?atl_medium=ACE
[ ] Get rid of custom caches in all files!
[ ] Remove rg_menu stuff (replaced with templates).
[ ] Repo owner can e-mail to users that watch?
[ ] Enforce commit messages formats based on a regex.
[ ] Add redirect to HTTPS and enable HSTS
[ ] Should a user see her/his rights?
[ ] Add rights 'allow non-ascii file names'.
[ ] We should not show delete checkboxes/buttons if a user is not allowed
	to delete items.
[ ] Purge deleted bugs (and notes) in background
[ ] Event for bug delete.
[ ] Somebody deletes a bug, and then somebody else presses "delete" on the same bug.
	It will give an error, but it should not be fatal... Possibly also show
	who deleted that bug.
[ ] No expiration for cache?!
[ ] rg_rights_load and rg_rights_get do the same thing. Remove _load.
[ ] Maybe I should disconnect from cache if a "generation number" does not match
	per connection. Think about setting/un-setting a key that fails
	and then issue a get...
[ ] rights_delete_list must invalidate cache.
[ ] Somewhere we must have a section to define the groups and allow rights
	for groups.
[ ] We may allow a list of paths/refs for rights, not only a single one.
[ ] Audit all regular expressions (at least /D). Especially in conf file.
[ ] I should set 'display_errors' to OFF.
[ ] Maybe add db.users.last_ip_failed? Or the history is enough? Yep, log failed logins.
[ ] db.users.last_ip is used for last IP used for login?
[ ] repos.disk_quota_mb must be dropped and do a look-up in plan.
[ ] Integrate max_public/private_repos into HL.
[ ] Allow specifying base language for a project.
[ ] Add country when creating a user?
[ ] When changing db structure, invalidate all caches.
[ ] When we will switch to C, check UTF-8 validation.
[ ] Check http://blog.wikichoon.com/2014/04/github-doesnt-support-pull-request.html
[ ] If path for repo_path rights starts with /, it is anchored.
	Else, can match anywhere.
[ ] refs: if it does not start with refs/, it is assumed that is refs/heads/
	Also, it must be anchored at the begin of the string.
	Really anchored? Why?
[ ] Implement a basic regular expression parser.
[ ] Use an 'indent' string per repo and (optionally) enforce it.
[ ] Should we use a more restrictive umask?
[ ] In some places we have rg_event_add and then COMMIT. The event processing
	loop may lose the last transaction. :(
[ ] Remove rg_repo_rights_*. Seems we cannot because we test if
	ri.uid == login_ui.uid, that we cannot do in rg_rights_get.
	Maybe if we pass the owner of a resource to rg_rights_get.
[ ] $user -> $rg['user']
[ ] $repo -> $rg['repo']
[ ] $org... -> $rg['org...']
[ ] Only some high-level functions should have $rg passed.
	The rest, no!
[ ] rg_re_repopage($rg)?
[ ] We may have a problem creating bugs. We must test for failures at every
	step.
[ ] When listing repos, check the rights!
	For example, a user is allowed to edit a repo, but is not the owner.
	It is not enough to check 'public = 1'. This may generate a lots
	of look-ups for rights. :( Not if we cache the whole rights list.
[ ] Add a reason for suspended accounts? Maybe also for other operations?
[ ] 'users.rights' is still used?!
[ ] Maybe add an indirection level: Projects. Because an admin may use
	rocketgit only for the bug tracker, for example. Or only for mailing
	list. So, "Repositories" will become "Projects". Hm.
[ ] 'first_install' value is not cached in RAM!
[ ] Seems that an annotated tag cannot be overwritten, even with rights.
[ ] Test bug.php is not working. Seems that repo_info is not working right for
	a nonexistent repo_id!
[ ] From arora I cannot login! See a tcpdump.
[ ] Rights management
	- A user USER is trying to push some commits in a branch B,
		for a file F
	- The set of rights may be:
	Branch		File/dir	Rights
	B2		dir/*.png	FPA
	*		dir2		A
	*		*		F
	refs/heads/x/	*		??? - allow to push in private "ns" 'x'
	x/		*		??? - same as above.
	refs/tags/v[0-9]		??? - allow tags that start with v.
	USER/		*		??? - give rights to any user to a
					private branch (refs/heads/USER/...).
	*		USER/		??? - give rights to any user to a
					private dir.
	- "USER" is the user that is logged in. Maybe find a better string
		because we may have a user "USER".
	- Also limit by time.
	- We have a problem: some rights do not map correctly to the plan above.
	For example, A(admin) etc. Seems we need to have >2 categories.
	- Also, we will have problems classifying a project as public or private.
	Maybe we can compute the rights as an event after any rights change.
	Maybe we should let the user choose what type of project it is, and,
		if is public, to grant fetch right.
	- Should I add "Create users right"?
	- Repo rights: I should split admin into: "edit repo", "delete repo",
		"give rights" (should limit to his rights), "fill bugs",
		"close bugs",
	- Repo rights: allow "*" as user: default rights.
	- Very tempting to give up "register_rights" function and have the
		form as template. But I have to list them, join them etc. Hm.
		Think about translations, some time.
		I could use a rights file: "<right><tab><category><tab><name>"
		but this will duplicate the categories with translations.
		Maybe have two files, one with "<right><tab><category>" and one
		with "<right><tab><text>".
		I decided to let them in php file, but replace text with a
		translation look-up.
[ ] Remove 'admin' stuff. We will give normal rights.
[ ] We will use '*' = all rights, so we can extend the list and some users to
	get them automatically.
[ ] You can grant the rights that you have, no more.
[ ] Remove 'rights' from user/add_edit.html
[ ] Allow comma separated users for grant rights.
[ ] Loading defaults for refs_rights seems to not working.
[ ] Secure transport X in the apache configuration. Or in index.php?

== BEFORE NEXT-NEXT RELEASE ==
[ ] Matrix.org support:
	https://gist.github.com/RickCogley/69f430d4418ae5498e8febab44d241c9
[ ] mcr at sandelman dot ca: It would be nice if github could be told to reject
	and/or mark files that have whitespace errors.
[ ] Transform user/bug/* into high level functions.
[ ] Maybe, when user is not logged in, on the "Repositories" main menu
	show most active projects, the biggest ones, recent ones and
	search form. And remove menu "List" + "Search".
	Or, maybe the first page to contain best repos and search form.
[ ] Add possibility to change user time zone.
[ ] At least for notes, add also y/m/d/h/m/s 'ago' next to exact time
	But, this will prevent caches!
[ ] We need a matrix testing with:
	un-logged in user, logged-in user, owner
	vs
	public_repo, private_repo, private_repo_with_rights for logged in user
	We can use a custom theme dir that contains IDs to be able to
	detect if we give errors. Or just match the English string.
[ ] I may check in the main php if doit == 1 and token is valid!
[ ] I may do a function rg_generic_edit_high_level with an array, as parameter,
	with functions to call for different stuff.
[ ] Do not redirect to login page if the user is logged in!
[ ] 'Contact owner'
[ ] When editing a repo, we should not pass 'master' as parameter!
[ ] Delay events processing if load is too big. Maybe same with crons?
[ ] Test (EXPLAIN) that rights_i_type_obj_id is used.
[ ] Admin should be able to stop queue processing.
[ ] When we delete a repo, we must delete also rights and bugs etc. Same
	for a user deletion.
[ ] rights.misc2 is not used now. Drop it?
[ ] How do we set rg_git_host? Now it shows r1i!
[ ] Do not test if we watch a bug if the bug is new.
[ ] repo-home->"Lock repo" + hint=(options to block fetches/commits/bug/etc.)
	and with reason that is logged in history and shown on access.
	Also, admin must have lock power and a reason.
[ ] When sending mails, add also who did the operation. For example, delete
	repo. It may not be the same person that created it!
[ ] Add a description field for rights and keys. Maybe other places.
[ ] Check http://nvie.com/posts/a-successful-git-branching-model/
[ ] After resetting password, go to the login form, with user pre-filled so
	the user can cache the password.
[ ] Add number of bugs multiplied with a factor to total disk space.
	Same for any row in the database. Should we do it?
[ ] How should I verify repo rights?
	if (admin)
	if (owner)
	if (public)
	for each right in the list ordered by priority (we can have several because of ip/time/etc.)
		check if it has the right
	Is this valid also for user rights?
	What should the rights table look like? I think it is OK. misc can
	support odd rights.
	Let's see what it looks like now:
	type	uid	obj_id	itime	misc	rights
	We should also have the priority in the list so we can order
	as the user wants.
	It seems that rg_rights_load is used only for repo and not for user.
	rg_rights_set has no notion of prio.
	I would like the owner to also be able to limit himself to a certain set of IPs.
	This means that the rule with all allow must have prio 30000?
	This means that, from the start, I should add a rule for the owner.
	Let me try to sketch the admin part of the users.

[ ] Do not pass a lot of parameters in environment. Because of rights, we must
	do a look-up in cache/db anyway. Or, compute correct rights (take into
	account IP/time/etc.). No, because we need paths.
[ ] 'rg_rights_allow' needs a first parameter that is the set.
[ ] Repo rights were split in two. Check all rights checks! Maybe in check
	function, verify that there is a possible right and if not internal_error.
[ ] Tree rights are a mess. User/Repo mixed rights.
[ ] "Create repositories" user right should not be in repo rights?
	Probably not, because we may have no repo in the beginning.
[ ] I will have a csv document with translations from where I will build
	some hash tables for fast look-ups.
[ ] Check "suspend"/"make admin"/etc. in admin area. Maybe use a checkbox and
	an operation to avoid CSRF and to be consistent with ssh keys forms?
[ ] Fix rights saga on user side. We may remove user_allow and replace with
	rights_check?
[ ] "Reset password" in admin area?
[ ] "Make admin" will be replaced by "Edit"?
[ ] Problems trying to push to rg1 because of SELinux:
	type=SELINUX_ERR msg=audit(1366526640.307:1449979): security_compute_sid:
	invalid context unconfined_u:unconfined_r:rocketgit_t:s0-s0:c0.c1023
	for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
	tcontext=system_u:object_r:rocketgit_exec_t:s0 tclass=process
[ ] Check if adding/editing a bug generates notifications correctly.
	Maybe use a global function for notify_one.
[ ] When we cannot process an event, mark it as failed and do not touch it again.
[ ] Big confusion! A logged-in user has a different ID than the one of the repo
	and it may have admin rights! Audit everything (rg_ui/login_ui/$uid).
[ ] Checking mtime of event.php is not enough. Maybe checking version.
	Think of includes that may change.
[ ] Checking for "rg_ui['uid'] == 0" may not be enough.
	Maybe rg_ui['uid'] = repo['uid']?
	Or, everywhere add 'uid = ?' in queries.
	Scenario: a user passes a list of ids to be deleted but s/he's not the owner.
[ ] Check if we can give rights for a non-owning repo!
	We should check if the user that gives rights is the owner or has admin
	rights!
[ ] Add "lock ip" to settings and use them as default.
	Also use it for confirmation.
	But, if the IP changes, the user will have to re-login. Hm.
[ ] The rights should be stored on different rows? Probably not.
[ ] Adding an account seems to just show "Account was created".
	Maybe redirect to user page? Only if there is no need to confirm.
	What about lock_ip?
[ ] Where to check if plan exists (rg_user_edit_high_level)?
[ ] SSH keys: add from what IP the key was uploaded?

== Medium ==
[ ] Add hit/miss stats to caches.
[ ] If we have bug tracker, why not a mailing list?!
[ ] Allow comma separated users in (at least) rights grant.
[ ] Suggest some users on repo's "Grant rights". Maybe contributors?
[ ] Does it make sense to have a local cache (user/repo/etc.) when we have
	another local cache (cache.inc.php)? Pay attention to
	invalidating/refreshing the cache. Hm.
	Really-local one is faster for big lists. But, do we allow such big
	lists without pagination?
[ ] pg_fetch_assoc returns FALSE if error or no more rows.
	We must know the difference!
[ ] No caching for keys.php? If we add one, update first_use only if needed.
[ ] Rate limit at least login operations to prevent brute force passwords.
	Because the attack may come from several IPs, it is tempting to
	use target user for rate limit. But, we will prevent legitimate users
	from logging in. Maybe just increase the delay for login? Maybe notify user
	how many attempts were before successful login.
[ ] remote.php: call keys_update_use from an event.
[ ] Too much empty space in the repo change notification.
[ ] @@if: if after {{/}} follows a \n, just remove it? Maybe only if the if
	tokens are the only things on a line.
[ ] Think about moving unused tokens to a new session after login.
[ ] Security: Edit info: user can change the uid behind my back in form!
	This is fixed with rg_user_allow_access. It should be used everywhere.
[ ] Maybe do not deny account creation, but put them on a special state
	and ask admin to allow it?
[ ] info.php shouldn't be converted to high-level function?!
[ ] Move sending e-mails to event.
[ ] Think about renaming repositories to projects. Because they contain also
	the bug tracker. Maybe in the future the admin would want to disable
	some modules (git/bug tracker/etc.).
[ ] When a push/etc. takes place, add an event to recompute disk size!
	Then, remove this from cron.
[ ] Move rg_account_allow_creation and other configuration stuff into admin area.
[ ] How to set default rights for new users? Maybe a section in admin area?
[ ] Computing disk size must invalidate the user cache. Or update it?
[ ] Check in remote.php that for the user connecting we are updating stats.
	Better, update stats for both the connecting user and the repo it is connecting to.
	As an event?
[ ] Allow user to change the plan somehow.
[ ] In documentation, because of SELinux, we may want to restart some services.
	At least: xinetd, cron etc. Probably not, but I must test this.
[ ] Think about generating more tokens. Maybe just sign them to not be forced
	to save them in database. At least generate more than one and cache them.
[ ] Allow upload a ssh key as a file, not only paste it in textarea.
[ ] Merge $more in all places where we add events.
[ ] Invite a friend.
[ ] In a lot of places seems I use rg_log instead of rg_*_set_error!
[ ] Auto login after account creation? What about locking by IP? Maybe just redirect to
	login page with (at least) username pre-filled? Or ask only about "lock ip"?
[ ] sess: just mark it as invalid and store it in cache to not connect to
	database? Cron will clean them up.
[ ] Protect sh scripts to be run as RocketGit user and not other.
[ ] To not have too many keys in authorized_keys, investigate certificates.
[ ] Add cache in:
	- rg_keys_count
	- etc.
[ ] Add transaction in all places where event_add is called.
	Maybe also in other places. Do an audit.
[ ] Remove 'repo/dirty' stuff and replace with events.
[ ] When we delete a user, should we remove from cache the name_to_id/email_to_id?
[ ] Delete repo - check if all is deleted. Seems not.
[ ] Audit all operations to be verified with tokens.
[ ] Create repo on demand when a user pushes.
[ ] Compute how many users are per plan, as an event when a user is
	added/deleted/changed plans. Better, from cron.
[ ] Increment usage on keys should be done by events, with a predefined interval
	to not kill the database.
[ ] Allow user management by ssh:
	ssh rocketgit@host create-account --ssh-key `cat key.pub` <name>.
	ssh rocketgit@host disable-account <name>.
	Of course, check rights.
[ ] Add unit testing for plans and rg_user_over_limit.
[ ] Switch to *_high_level functions.
[ ] When the user presses submit in a form and the session expired, save in a cookie all
	data, invite user to login and redirect to old page with all fields
	filled in! But if the user is in a cafe, s/he will lose that info.
	Better store locally.
[ ] Add rights for "Transform merge request in e-mail".
[ ] Check if all forms keep old values in case of an error.
[ ] Limit the number of e-mails to not flood the inbox.
[ ] Record in some stats how long a push took in terms of cpu/time/etc.
[ ] We should have a log with logins, not only last_login per user.
	So, we should have an event on login and explode it in several queries.
	Also session may be updated from this event, but still with a 1 min gap.
[ ] A script to check if all CSS classes in templates are present in css file.
[ ] Export/import a repo (xml maybe).
[ ] We should warn the user if some users have lower rights than the default!
[ ] Auto-create repos at clone phase, not only at push phase.
[ ] The link to a note should have an anchor to be able to go directly to the note.
[ ] bug tracker is private? If the repo is, it should be also.
[ ] When you watch a project, a note add to a bug will notify that watcher?
	Or we limit to edit/add/close bugs?
[ ] We should also add organization/user next to repo in e-mails.
[ ] Feature to be able to mark a note and the rest under it as read?
[ ] Return error in rg_*_info( when you do not have access?
[ ] SELinux: it is not clear how I use SourceX: for .if/.te/.fc.
[ ] SELinux: what about rocketgit_t access to postgresql through apache?
[ ] Check why only 'targeted' policy is installed.
[ ] Should I move the socket to /var/run (using tmp.d)?
[ ] Bug:List: saved searches with spaces inside the name are not correctly escaped.
	Use _ instead of space, or properly escape it (ugly: %20 etc.)?
[ ] "if ($res === FALSE) break" must set the error message!
[ ] Carefully order the events. We do not want to build list notifications
	before adding a user to the watch list.
[ ] If description is empty, do not insert a \n in 'new repo' e-mail.
[ ] If the confirmation code is truncated, an internal error is generated
	instead of a user error!
[ ] Third option: anybody can create an account but must be validated by admin.
[ ] When I close a bug, seems I add myself to the watch table again!
[ ] Should we load the labels in rg_bug_info?
[ ] Do we need a rg_bug_cosmetic for notes/users/repos/etc?
[ ] when rights are revoked, also the watch list must be checked.
[ ] When adding a note, add also a checkbox to watch that bug?
[ ] Integrate remote_add.html.
[ ] When I edit a bug, should I remove notes and add_note form?
[ ] Add possibility to add/remove labels when adding a note?
[ ] Bugs: show what filtering is active.
[ ] Bug: Do not allow adding labels if you do not have admin rights.
[ ] Bug: Do not allow close/assign/etc. if you do not have admin rights.
[ ] Menu must be loaded from template.
[ ] Remove any HTML from code.
[ ] List on the first page the latest commits.
	Do not forget to exclude private repos.
[ ] Should we expire the reset password token? Why?
	Somebody can request another one!
[ ] It is not clear that the owner has full rights (repo->admin->edit).
[ ] Allow editing of bug searches.
[ ] Admin: add a feature to become any user. This way we will not duplicate
	a lot of code for editing users/repos/etc. Allow admin to switch
	identities at will.
[ ] Admin: add a feature to reset all passwords.
[ ] Forgot link must use paras and not a parameter. This way we shorten the URL.
	Maybe send both HTML and plain e-mails?
[ ] Check best practices for salt/pass/forgot pass etc.
[ ] Create a unique index on users(username,organization)?
[ ] We have a little problem: we need the ssh keyring to regenerate fast but
	we may have a big events queue. We may want to signal directly
	the regeneration script and to not store mark-dirty state. Hm.
[ ] Optimize keyring invalidation. Store in cache the ts of last regenerate and
	ignore request before that timestamp.
[ ] We should make stuff more robust. For example: CREATE REPO + HISTORY_INSERT.
[ ] We have to record the renaming in the repo history.
[ ] Use another home page for logged in users.
[ ] repo_invalidate_cache does an implode that can reorder. Use repo_id as key?
	No. But use some combinations of paras.
[ ] Why we use "FOR UPDATE" on 'events' table?! events.php is the only user.
[ ] We need to parallelize the event processing.
[ ] Check if there are unused parameters after name2base(_path).
[ ] Remove any trace of $rr.
[ ] How to deal with browser accessing an old name (after rename)?
[ ] Functions from util.inc.php set rg_util_error(). Use it.
[ ] Remove all "exit(?)" calls.
[ ] Locking is done in global dirs for tests. Use a local folder!
[ ] We must provide a way to propagate errors from events!
[ ] repo.inc should not depend on user.inc!
[ ] rg_repo_info will have almost the same paras as rg_user_info!
[ ] Add a maximum time to keep logs.
[ ] Do not allow double ssh keys in database! Because when we output them
	in authorized_keys ssh will use the first one!
[ ] Move everything 1 month back to simulate next month for part tables.
	Better, do a unit test.
[ ] To not wake up many times (for every sub-event), cache what was done
	(or max(id)) and ignore that wake-ups. Of course, W will become W<ev_id>.
[ ] If session expired and the user is trying to access a repo page, PHP errors
	occur. I think it is related to login_ui/repo_ui.
[ ] Unify repo_create with repo_update, as user_*.
[ ] Clean notification inputs before starting to work to not receive a lot of
	them after processing is done.
[ ] Description should not be present anywhere (web). Takes space.
[ ] Seems that ls \.\. works. Check from security pov.
[ ] Profiling is not re-entrant. We should use a stack!
[ ] We should not store repo_id0 into cache!
[ ] We are redirecting the user to history page. Do not wait for git dir!
[ ] Set a policy in config.php and do the cleaning/compress of the log files.
[ ] Fix the mail headers (+dkim) to avoid spam.
[ ] http://joeyh.name/blog/entry/git_push_over_XMPP/ (ialbescu)
[ ] Graphics with database/table/index sizes.
[ ] Add history also for user.
[ ] template_table can deal with a FALSE para: load error.html file in list/
[ ] Put in history how many visitors received.
	Maybe only when hitting some limits?
[ ] Run shaX 1000 times for login?
[ ] There is no back button in tree browsing.
[ ] Allow users to have templates repo to be used when creating a new repo.
	Also define global templates.
[ ] GeoIP
[ ] Specify a timeout for push/fetch.
[ ] Describe also the installation.
[ ] Allow search from the first page.
[ ] Detect hexa strings and link them to commits.
[ ] Any user on a machine can look at repositories.
	Any user can connect to database. Fix also the README after fixing this.
[ ] (Commercially) Provide OpenVPN tunnels to be sure you can push/fetch safely.
[ ] Errors should signal what field is not ok.
[ ] Also log errmsg[] array!
[ ] Add possibility to download the "CV" of a user.
[ ] Happy birthday for projects/users/etc.
[ ] Check if we remove rocketgit, the repos stay!
[ ] Bug rights: add note, anonymous add note, add label, add global search.
[ ] Allow user to specify if is on windows/linux/etc. to be able to give
	specific hints. Hm. The user may have multiple OSs.
[ ] http://rg.embedromix.ro:8000/user/catab/a13/admin/rights?edit_uid=19
	should give an error!
[ ] Pay attention to: https://github.com/sitaramc/gitolite/wiki:
	Please DO NOT send me pull requests via github. Instead, send me an
	email saying what URL and what branch to pull. (The pull system forces
	a --no-ff even if the merge is at the top of my branch and doesn't
	need one. It also gives me no chance to fix up minor typos, add any
	more text to the commit message, etc. I can do that afterward, but
	this forces a "push -f" or a trivial "typofix" commit).
[ ] We should have a 'domain' variable for virtual hosting and use them in
	paths for locks/queues/repos etc.
[ ] Merge requests should use a shorter path? What if a merge request is for
	other branch?
[ ] See diff for merge requests.
[ ] On master, list clones.
[ ] Internal mailing list? Or internal mail?
[ ] We should have a cron/q/remote for every config file!
	Or, at least, to be host aware.
[ ] Install text files in /usr/share/doc
[ ] JUNK1/JUNK2: http://rg.embedromix.ro:8000/user/catab/rocketgit/commit/afd1df2..f919c9b
[ ] Add permission to add bug tracker to a project.
[ ] @@branch@@ is not defined for merge requests. Should it? Probably yes, to filter them.
[ ] Check admin creating of an account.
[ ] Add possibility to reject merge requests, to apply, to delete etc.
[ ] Do we need to escape some chars in console (ssh rocketgit@host repo X)?
[ ] We need to switch to a template for the user form to get rid of a lot of
	mumbo-jumbo with the _u array passed!
[ ] Show the API on the webpage, exactly like Blender.
[ ] Migrate to a single function to deal with a request so we can do better
	unit testing.
[ ] We should have a 'policy' table where we have something like:
	ID	max_speed	max_users	max_disk_space
	and every user is associated with such a policy, based on payments etc.
	Example: user X paid some money, and we assign it to level 2
	Level 2 has 4 users, max 100MiB disk space, 1Mbit/s speed.
	He creates a repo and assigns 2 users to it.
[ ] Notifications when disk space is low.
[ ] Check webSSO for authentication.
[ ] Check http://gitlist.org/
[ ] Enforce Signoff-by lines per project (a new permission)
	= reject commits without signoff!
	Maybe, do it generic, allow a text field to enumerate what should be in a commit!
	Also, present a list with checkboxes: at least Signoff-by, Reported-by, Acked-by!
[ ] Linus on why GitHub sucks: https://github.com/torvalds/linux/pull/17#issuecomment-5654674
	- Valid name and valid e-mail address
	- Why the destination should pull?
	- A shortlog of the changes (1 line)
	- A proper diffstat
	- changelog should be shown with a monospace font?
	- First line should be <= 50 chars (short log); then an empty line
	- Rest of commit message to be wrapped at 72 chars.
	- Use git-request-pull for merge requests?
	- Example of an OK pull request: https://groups.google.com/forum/#!topic/linux.kernel/w957vpu3PPU
	- 
[ ] We need to have a link to current comment/etc.
[ ] Warn if commit messages are too long (no wrap).
[ ] Allow the possibility to send an e-mail to maintainer from web with a pull request
[ ] Merge requests e-mail: explanation of why to pull, diffstat! Maybe also the
	patch if is small.
[ ] Check git-request-pull
[ ] Logo for project. Blender?
[ ] Default branch per project[/user].
[ ] Main language of the project.
[ ] Web site for a project.
[ ] 

== Normal priority ==
[ ] 
[ ] Add hint about "ssh rocketgit@server" to quickly find status etc.
[ ] rg_redirect does not record profiling information!
[ ] git bundle
[ ] How to sign merge requests?!
[ ] Store in a cookie the last uid used, and if > 0, look-up e-mail and pre-fill
	forgot password e-mail field. Not good. An attacker may iterate over all
	uids. But, with a token will be nice!
[ ] Yeah BitBucket's pricing is much better they only charge on the number of collaborators.
[ ] Permit "log" to see more rows.
[ ] Make an option to not allow a client to upload keys. Why?
	To restrict this to admin?
[ ] Can we bypass ssh auth to allow pushes?
	This way maybe we can identify client by fingerprint.
[ ] Use rg_git_diff_tree to test for path based restrictions. Also, take care of renames, copies etc.
[ ] See Gerrit: https://codereview.qt-project.org/#change,22764
[ ] user-conf: option: auto-create-repo-on-push
[ ] Use git push to do all kind of commands: create repo, delete repo, update description etc.
[ ] Optionally init a repo with some files (README, TODO etc.)
[ ] Check https://git.wiki.kernel.org/articles/g/i/t/GitHosting_2036.html
[ ] Add RocketGit to https://git.wiki.kernel.org/articles/g/i/t/GitHosting_2036.html
[ ] Add a dependency on sendmail.
[ ] Improve e-mails to not be considered spam.
[ ] Statistics (number, tool etc.) for project access.
[ ] For bug-tracker use BerliOS as a starting point.
[ ] Allow (anonymous) editing files on web and transform them in merge request.
	How to bundle multiple edits in a single commit?
[ ] On the first page no search form! It is useless!
[ ] Add stats for a repo. Some stuff is already in git.inc.php.
[ ] Anti-spam: hide e-mail addresses!
[ ] Check if a merge request was integrated (hm; what integrated means?!) and
	signal this in merge requests list?
[ ] Add rg_branch_allow_chars and rg_tags_allow_chars.
[ ] repo/tag|branch/<name> page should put next to the commit also the tag/branch.
[ ] Order tags by mtime desc.
[ ] rg_repos should be split in rg_repos and rg_var_lib.
[ ] $blocks = explode("@@left@@-=ROCKETGIT=-@@left@@", $a) - seems that \0 is replaced!
[ ] Check XSRF attacks and other types.
[ ] Validate e-mails.
[ ] Take care of PHP's time limit to not interfere with the rest.
[ ] Differentiate between owner of a repository, currently logged in user and admin.
[ ] Warn before deleting a repo!
[ ] Switch all menus to templates.
[ ] Check double slashes in URLs.
[ ] Automatically create user on anonymous push?
[ ] I am not sure I can reload xinetd and httpd from spec file
[ ] admin: "Lock all accounts" and "Reset password for all accounts and send mail".
[ ] Get memory statistics from /proc.
[ ] Add support for refs/notes/ pushes.
[ ] When logging _SERVER variables, log only the ones prefixed by ROCKETGIT_.
[ ] Ask password when doing any critical change of the account and send mail.
[ ] Add a possibility (link shown in push message) to delete/update/etc. the
	merge request.
[ ] Put form error messages next to the label.
[ ] favicon.ico is not in theme! Should we put it in HTML?
[ ] Create unit testing for all functions.
[ ] Test error code for rg_sql_query.
[ ] Log $ret['errmsg'] for rg_exec
[ ] Audit code to replace parts with rg_internal_error.
[ ] Allow SSH keys per repository (only)? regex?
[ ] Allow remote 'gc' of a repo, besides an automatic one.
[ ] Take care of caching of passwords. Maybe allow a purge of a file from browser?
[ ] "Lock" button to temporary block access to repository.
	Only owner will have access.
	We may add also a text that will be output to clients.
	Add to 'compare'.
[ ] List changes introduced by a merge: git diff-tree --always [--cc] -m -p f7d5b5770f4c6b5a124dad6358bed310d56bf909
[ ] Check pack-protocol.txt!
[ ] When push is executed with success, show a nice message from RocketGit.
[ ] Move is_private member in repo array, not test for empty on default rights
[ ] Move default rights to rights table - I do not remember why.
	Maybe for consistency.
	Ah, yes, also to be able to set rights per branches and per files.
[ ] Log files may be written per repo and per user, with locking...
[ ] Push may be always allowed - but will be done as a merge request! Cool.
	Disk space accounting?
[ ] We should make a repo dirty only if user pushed something with success.
[ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,..."/>
[ ] Allow to recover a deleted repository.
[ ] Deny access in all functions to deleted repositories.
[ ] Count the numbers of clones/pushes/pulls.
[ ] Allow to configure the limit of the patch size to prevent abuses.
[ ] Allow to configure to refuse binary files.
[ ] E-mail aliases section.
[ ] User details section (blog, avatar, mail notifications).
[ ] UTF-8 checks of patches.
[ ] W3C validation on all pages.
[ ] Validate user and repo names. Probably other things.
[ ] What happens if a user is suspended? Do we allow forgot pass sending?
[ ] Do not allow session updates/any command if user is suspended after his/her login.
[ ] Timeout for connections (ssh/git-daemon/etc.)!
[ ] Check if we have to respect 4HEXA also on SSH. I think not.
[ ] Limit number of simultaneous connections per repo and per user.
	Maybe also the time!
[ ] Allow multiple virtual hosts, with different configurations.
[ ] Config file must be able to be set from a env var, to be able to run
	multiple instances of rocketgit on the same server.
[ ] session_time should be set at login time? And/or default s_t should be set
	from database?
[ ] Do not let user upload an already uploaded key.
[ ] Do not permit more than X auth attempts per second.
[ ] See prepare-commit-msg.sample - we can auto add a line to every commit.
[ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/
	to block updates that have not pull - a la SVN
[ ] Maybe we should mark the repository as dirty, only in the post-receive
	hook? Or update is the best place?
[ ] Limit number of commits per push.
[ ] RSS
[ ] Move forget pass token into users table.
[ ] Audit all error messages to not propagate useful info to an attacker.
	Split in two error messages: one for logs and one for user.
[ ] git-daemon connection - cannot get IP info? setenv?
[ ] Do not show sub-menus if user is not logged in on repopage (ialbeascu)
	- duplicate menus?! maybe add an admin link in repopage that goes
	to repo.
[ ] Nice graphic (unrelated to git): http://tctechcrunch2011.files.wordpress.com/2011/07/hadoop2.png?w=640
[ ] git-notes may be used to attach messages to commits. Nice.
[ ] Store also the size of the patch along history/commit info.
[ ] Check SELinux MLS
[ ] Deal with empty repositories (rg_git_ls_tree etc.).
[ ] Show age of an user/org/repo. Example: 1 year, 3 months, 4 days.
[ ] From: http://lwn.net/Articles/460376/
	I can confirm that shortcomings with Gitorious' ACL systems were
	definitely one of the reasons we ended up deciding against it --
	it's just not fine-grained enough and made it impossible to achieve
	the balance of project maintainer / repo manager autonomy and
	fool-proofness we wanted. gitolite makes us super-happy in that regard
	now, though.
	We use a Gitorious instance where I work. One thing that seems
	impossible to do is have custom hooks. Everything must go through
	Gitorious' global hooks. If there's a way around this (new version,
	black magic, whatever), I'd love to hear it.
[ ] Allow git over TLS on a specific port (gits://...).
[ ] KDE: http://news.ycombinator.com/item?id=2972107
[ ] To investigate how gitolite is dealing with pushes without custom daemon.
[ ] Record in notes who pushed a commit first, for trace reasons?
[ ] Add support for hooks/pre-receive-signature
[ ] Work flows: Allow user to edit work-flows. For example:
	- A merge request that is approved in a MR queue will make it
	automatically to the specified queues.
[ ] At push time we may generate some nice informative output (commits,
	last time when current user committed etc.)
[ ] Bulk add users/teams/repos/bugs/etc.

== Low priority ==
[ ] If a user has no push access and creates merge request, but the owner pushed
	nothing, ssh cloning gives errors about HEAD not found.
[ ] Add a "Report a bug on this page" - we already have the log_id!
[ ] Allow a way to authenticate (only) with certificates. We need to specify
	a CA to be able to validate them.
[ ] We can get rid of disk_used_mb (it is sum of all other *_mb fields).
	Take care of API to generate this field.


== Graphics ==
[ ] http://static.phpcloud.com/images/banner/phpcloudcom-spaceship-banner-970x404px.jpg
[ ] 

== Versus ==
* http://www.wikivs.com/wiki/GitHub_vs_Gitorious
* http://unfuddle.com/about/tour/plans
* bitbucket.org
* 


== To recheck ==
* http://techbase.kde.org/Projects/MovetoGit#Post_Update_hooks
* 

