Note about splint.

[rsync.git] / TODO

diff --git a/TODO b/TODO
index 827582332d0c69b2af36c60a6474db79af07c1c3..e3ed8df47b8ca48f4422f4321d339cbee17bebe9 100644 (file)
--- a/TODO
+++ b/TODO
@@ -299,6 +299,16 @@ Win32
   we are correct to call close(), because shutdown() discards
   untransmitted data.
 
+DEVELOPMENT ----------------------------------------------------------
+
+Splint
+
+  Build rsync with SPLINT to try to find security holes.  Add
+  annotations as necessary.  Keep track of the number of warnings
+  found initially, and see how many of them are real bugs, or real
+  security bugs.  Knowing the percentage of likely hits would be
+  really interesting for other projects.
+
 DOCUMENTATION --------------------------------------------------------
 
 Update README