We need better documentation for administrators, covering installation, domain management, key management, and all the other things we're passing on by word of mouth currently.
We also need better documentation for developers, so that people who aren't Dan can work on the code. This primarily means API documentation (and possibly API cleanup). We might consider an autodocumentation system like doxygen.
Any remaining critical bugs (such as "spum") need to be squashed. Should we institute a bug tracking system to manage this process?
Key management needs to be simpler, and everyone who downloads Gale should not have to e-mail Dan. This probably means some kind of autosigning service. The system also needs to recover more gracefully from operator errors, and check for common problems like mismatched public and private keys.
The user documentation we have should be revised as per the category redesign. Finally, of course, the code should be changed to support this category redesign.
Gale should be conveniently packaged. Ideally, it would be available as RPMs, DEBs, binary tarballs, and of course source code, all of which would be as self-configuring as possible. Portability is important, and the code base should be tested on a wide range of platforms.
We should perform scalability testing so that Gale's load limits are well understood. Any easy performance improvements should be made.
Better and more complete user documentation is good to have.
Many users would like a curses-based client.
ElGamal encryption may be preferable, though the release of RSA makes this less important. RSAREF is not free software, and should be replaced by something like OpenSSL.
Documentation!
Trap SEGV, BUS, ABRT, and other fatal signals; invoke some kind of crash handler.
What role does gwatch play? Is it even necessary? Should it support a gwatchrc script?
Add a common "-D" command-line flag to define variables.
Allow a single message to be signed by several keys.
Make some utilities to allow the use of Gale encryption in other contexts (like e-mail)?
Enable "stealth encryption" to make traffic analysis more difficult, and write "gtraffic" to drive the point home.
Private key exchange tools would make it easier for users to set up groups and manage their own accounts.
Allow local restarts, rather than just the global debug/restart hack.
Install the domain key in ${sys_dir}/etc/gale/auth/local (non-world-readable) rather than in the domain owner's home directory.
Drop root privileges upon initialization.
Unset soft resource limits on file descriptor use on startup.
Servers should detect loops in the topology and do something about them.
Servers should keep dynamic subscription lists.
Integrate Nathan Lutchansky's "queueing" patch for gsub.
Make a new gsubrc protocol (in addition to the old one) that has a streaming format for more efficiency -- don't launch a new process for each message.
Should user-defined gsubrc processes be invoked to handle errors? That way the user could control error-message formatting, and possibly take other actions. This is particular useful with errors resulting from message content, e.g. unknown encryption IDs.
Define some sort of markup language for puffs (XML-based?) and support rendering of rich text in gsub.
Add a "blind carbon copy" option to gsend.
Make gsend timestamp messages on transmission, not inception.