2 - How we will handle DCOP needs sorting out. Among other things, we
3 need to check that service and service-ownership semantics map to DCOP
6 - Activation needs some careful additional thinking-through.
8 - Property list feature on message bus (list of properties associated
9 with a connection). May also include message matching rules
10 that involve the properties of the source or destination
13 - Automatic service activation, should probably be done through a message flag.
15 - Disconnecting the remote end on invalid UTF-8 is probably not a good
16 idea. The definitiion of "valid" is slightly fuzzy. I think it might
17 be better to just silently "fix" the UTF-8, or perhaps return an error.
19 Owen says we should only validate the UTF-8 on dbus_message_get_string()
20 (changing get_string to have an error return, and allowing a type error
23 - The convenience functions in dbus-bus.h should perhaps have
24 the signatures that they would have if they were autogenerated
25 stubs. e.g. the acquire service function. We should also evaluate
26 which of these functions to include, in light of the fact that
27 GLib/Qt native stubs will probably also exist.
29 - The message handler interface needs rethinking, perhaps handlers should be able
30 to return an error that automatically gets turned into a message; most likely
31 some basic spec'ing out of the GLib/Qt level stubs/skels stuff will be
32 needed to understand the right approach.
34 - assorted _-prefixed symbols in libdbus aren't actually used by
35 libdbus, only by the message bus. These bloat up the library
36 size. Not sure how to fix, really.
38 - if you send a message to a service then block for reply, and the service exits/crashes
39 after the message bus has processed your message but before the service has replied,
40 it would be nice if the message bus sent you an error reply.
42 - build and install the Doxygen manual in Makefile when --enable-docs
44 - if you send the same message to multiple connections, the serial number
45 will only be right for one of them. Probably need to just write() the serial
46 number, rather than putting it in the DBusMessage, or something.
48 - perhaps the bus driver should have properties that reflect attributes
49 of the session, such as hostname, architecture, operating system,
50 etc. Could be useful for code that wants to special-case behavior
51 for a particular host or class of hosts, for example.
53 - currently the security policy stuff for messages to/from
54 the bus driver is kind of strange; basically it's hardcoded that
55 you can always talk to the driver, but the default config file
56 has rules for it anyway, or something. it's conceptually
59 - <limit> elements are not merged in from included configuration
60 files; they have to be in the toplevel file. when loading
61 a child file, we could just init its DBusLimits from the parent,
62 then after parsing copy its DBusLimits back to the parent
64 - when making a method call, if the call serial were globally unique,
65 we could forward the call serial along with any method calls made
66 as a result of the first method call, and allow reentrancy that was
67 strictly part of the call stack of said method call. But I don't
68 really see how to do this without making the user pass around the
69 call serial to all method calls all the time, or disallowing
72 - the invalid messages in the test suite are all useless because
73 they are invalid for the wrong reasons due to protocol changes.
74 (Consider extending test suite to validate that they are
75 invalid for right reason, e.g. an "INVALID_ERROR Foo" line
78 - I don't want to introduce DBusObject, but refcounting and object
79 data could still be factored out into an internal "base class"
82 - modify the auth protocol to also support other initial-handshake
85 - document the auth protocol as a set of states and transitions, and
86 then reimplement it in those terms
88 - dbus_gproxy or dbus_g_proxy?
90 - add dbus_message_has_path(), maybe has_member/interface
92 - The OBJECT_PATH type is not documented in the spec.
94 - re_align_field_recurse() in dbus-message.c is broken because it
95 crashes on some types of header field values. security problem.
97 - the system daemon has to be able to reload changes to the
98 security policy without restarting, because apps won't
99 be coded to handle it restarting
101 - modify the wire protocol to keep the args signature separate
102 from the args themselves. Make the name of TYPE_NAMED part
103 of the type signature, rather than part of the value.
104 Then you have the full typecheck in a single string.
106 - rename TYPE_NAMED to TYPE_CUSTOM, probably a clearer name.
108 - dbus_message_iter_init_array_iterator has "iter" and "iterator"
109 in the same function name
111 - the GLib bindings varargs take DBUS_TYPE_WHATEVER and
112 return stuff allocated with dbus_malloc(); should this
113 be made more "G" at some expense in code duplication?
115 - need to define bus behavior if you send a message to
116 yourself; is it an error, or allowed? If allowed,
117 we need to have a test for it in the test suite.
119 - the max_replies_per_connection resource limit isn't implemented
121 - the pending reply tracking isn't quite right. It currently simply
122 blocks any reply if one wasn't pending. Instead, it needs to
123 allow any reply if one was pending, and block otherwise.
124 Suggest changing the check_reply() call to just get a boolean
125 was_pending_reply value, pass that in to the policy
126 engine, and allow <allow>/<deny> elements to match based on
127 whether it was a pending reply.