Short Term:
 - Hardening options
   - Linux:
     - hardening-wrapper is an ubuntu package!
       - Still misses BIND_NOW relro protection...
     - http://wiki.debian.org/Hardening
   - Validation Tools:
     - http://www.microsoft.com/en-us/download/details.aspx?id=11910.
     - http://www.trapkit.de/tools/checksec.html
     - https://www.microsoft.com/en-us/download/details.aspx?id=29851
   - Windows
     - https://developer.pidgin.im/ticket/15290
     - http://stackoverflow.com/questions/13276692/safeseh-gs-on-g
     - OpenSSL+zlib don't take cflags??
   - Can we randomize stack canaries each release, etc?
 - Record results + package hashes in git
   - Consolidate all packages down to a single list
 - Determinism issues
   - One of the builds ended up using old Gitian descriptors somehow..
     - Refuse to build if `git diff --raw` is non-zero?
 - Detect arch on Linux
   - https://trac.torproject.org/projects/tor/ticket/3841

Mid Term:
 - Write a VM test+rebuild script
   - Sometimes VM creation produces a base image that won't boot, especially
     for the 'Precise' images used by windows.
   - We should test boot it and if it fails, blow it away and try again.
 - Windows TBB crashes if there's a system tor installed?
   - And/or if you install to c:\Program Files and run as non-Admin
 - Docs are missing
   - Are they even still valid for the Vidalia-less TBB?
 - Why does KVM setup require sudo?
   - Can we create an option that doesn't need it?
 - Clean up old paths (requires Tor Launcher commits)
   - Remove FirefoxPortable paths for Windows
   - Relocate torrc to Library/Tor for MacOS
 - Universal binaries for Mac?
   - Usability win, but gettor loss (we're at 23M right now)
   - https://developer.mozilla.org/en-US/docs/Mac_OS_X_Universal_Binaries
   - "[EXTRA_]{CFLAGS,CXXFLAGS}="-arch i386 -arch x86_64"
     - http://opensource.apple.com/source/gcc/gcc-5666.3/driverdriver.c
       calls i686-apple-darwin11-gcc twice (once with -m32 and -m64)
       and then calls 'lipo' to stich the binaries together
 - Fix windows issues:
   - Link to DirectX via Wine (for WebGL)
     - Weird C++ stdext namespace issues remain :/
 - If Tor Launcher fails to load, the browser still can launch
   - Add browser code to detect missing addons?
   - Missing/Partial Localization strings can cause this..
   - I think we don't care? Torbutton's new tor test should fail..

Long Term:
 - Linux:
   - Verify nothing critical is due to expire from 'ubuntu-support-status'
     - For now, looks like just faketime and rcv.. 
 - Offline building
   - Requires special VM setup.
 - Compile the toolchain, too?
   - Doing so might allow us to build deterministically
     using other Linux distributions as our base image
     - Defense in depth against distribution-wide compromise
     - Though we may still have issues with linking against
       OS shared libraries if the versions don't match.
       - Build them too? Or is it safe to ship reference link
         stubs?
 - FIPS-140 in Firefox build is non-deterministic
   - Only seems enabled for Linux??
