TODO

--- Feature Requests ----

+ Fix primary-UID detection
+ Allow for time-based dump of keys

--- Highest Priority ----

+ Unify commands to reduce the number of executables generated

+ Fix build (and verify that fastbuild is fixed) so that it doesn't barf out
  entirely if a deeply bogus key is found in the stream.

+ if reconcilaition seems to always time-out, perhaps start reconciliation at
  some sub-tree instead of trying to do everything at once.

+ Do a review of all <try...with> clauses to ensure that important exceptions
  are let through.  In particular, Sys.Break should always be let through,
  and Eventloop.SigAlarm should be passed through (or handled specially) by
  every function that could be called in a callback.

--- Lower Priority ----

+ review logging functions to set debug logging level sensibly

+ Add syslog logging as an option.  (still want file logging for verbose logs
  needed for testing, and maybe for execption logging.)

+ Ensure idempotence of all DB functions called by reconserver
   - including deletion and insertion of keys

+ add revocation-first sorting when multiple certificates are present

+ Add periodic tester of invariants -- in particular to check that the inmem
  count remains correct.

+ Add node-from-key hashtbl.  Then, provide a node lookup mechanism that
  first tries the hashtable and then tries the database, without ever loading
  a node into the tree structure.

+ change error-handling code so that RunRecovery errors are handled
  differently: namely, logged and then re-raised so the application exits, or
               perhaps simply exiting the program immediatly.

+ enable limited retry-on-failure for gossip.  That way, a few bum nodes
  won't slow the system down.