Building, installing, updating & running:
- logging: scrub sensitive information
- logrotate, logburst, log message repeat. We must be able to beat both
  logflood DoS and attack obfuscation attacks. There are already (inadvertent) 
  cases of logflooding ("Consecutive same winner")
- Shell scripts preconfig.sh, start-freenet.sh, stop-freenet.sh, and update.sh
  are outdated.
- building: unchecked operations
- Vanessa's mod: problem: Vanessa did not license her mod.
  Solution: it's at least GPL2 because she distributed the entire freenet
  0.5 code with her modifications on Frost.
  (thanks Agrajag for providing the relevant entries from the GNU FAQ:
   http://www.gnu.org/licenses/gpl-faq.html
   http://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic
   http://www.gnu.org/licenses/gpl-faq.html#TheGPLSaysModifiedVersions
   http://www.gnu.org/licenses/gpl-faq.html#GPLModuleLicense)
- more platform specific build targets (rpm, deb, installer for Win?)
- README:
  * More help for M$ users
- general code cleanup:
  * Find memory leaks
  * remove dead code
  * check variable usage
  * deprecated language features
  * check inheritance structure
- "Attempt to use a released TempFileBucket"

Node:
- Link level encryption DoS: Is is possible to enhance DH with JFKi?
- General overload attack
  http://archives.freenetproject.org/message/20071117.230422.5a8a3ac5.en.html
  "Overload a node. Now you know all the requests it sends you are locally
   originated."
- Scaling properties of NGR?
- "Look at ways of making inserts self-regulating, as requests are with
   NGRouting."
- DOC_BAD_KEY errors fetching ARKs
- NIO asynchronization??? (should this go under FProxy?)
- Premixing
- multiple servers
- UPnP?
- Spread a node over several computers (Sparhawk's idea)

Store:
- Upgrade block cypher from AES128 to AES256
- Avoid datastore access DoS: limit number of simultaneous accesses
- Investigate log entries:
  * "Please close() me manually in finalizer"
  * "FSDataStoreElement not closed in finalizer"
- Datastore request merging
- multiple datastores

FProxy/Web Interface:
- Check filter security (CSS and HTML)
- Cache control: nocache on servlet
- Filter inline data and forbid page preloading
- Remove dead default bookmarks. Add new ones? src/freenet/node/Node.java
  Only "One More Time" still seems to work
- Complete configurability via the web interface
- Safe ECMAScript support
- better diagnostics
- default charset: replace ISO-8859-1 with UTF-8?
- Browser feature vulnerabilities:
  * Prefetching (solution: convert anchor to form submit button)
  * Browser ignores MIME types of RSS feeds (and ATOM feeds?)

Clients, Tools & Documentation:
- junit generates a lot of errors
- javadoc generates a lot of warnings
- Enhance FCP