1. [sch] Put size in manifest so that we can do GET with offset to speed
retrieval. Example: reget on Windows.
2. [billm] ACLs and extended attributes. Are these both new action types?
3. [sch] Do we need other forms of signing, beyond publisher and depot SSL
certificates? Is it best to enforce a CA-based model, or should web
of trust also be allowed?
4. [dp] Package deletion should include a "subsumed-by" or "replaced-by". A
good example is when we stopped including Mozilla, its final
version--expressing the deletion--should have stated subsumption by
Firefox and Thunderbird.
5. [barts] Minimization boundaries based on setuid binaries.
6. [barts] Feature tagging. This should be offered via leaf packages
and grouping packages.
7. [dp] Present timestamp as UTC YYYYMMDDHHMMSS, as opposed to Unix
seconds.
8. [lianep] Be able to preserve specific files, even though the
package no longer provides them. This one's tricky: if you state,
"release file" in version 2, then an upgrade from v 1 to v 3 would
miss it (as v 2's manifest is not consulted). These kind of actions
could be treated as choking, or we could always examine intermediate
manifests.
9. [psa] Take a snapshot [of each affected filesystem] between every
package update operation in a larger image transaction, as opposed
to at the image transaction boundaries only.
10. [sch] Examine use of alternative, HTTP 1.1-friendly URL loading
modules. (Example: Duke's urlgrabber.)
11. [pelegri] Use of package-level metadata to provide additional
information, such as links to training/learning resources,
declarations of related packages, endorsements by certifying
publishers.
12. [sch] Support use of :timestamp field for "newer" and "older"
queries.