Many of the outstanding issues relate to the Javascript code. It would be useful to be able to test GUI updates against live data.
One potential way to do this is to install the JS on a local server, and redirect the /api/* URLs to the live server. However the JS cannot access the JSON data from the remote site because of CORS. Is there any reason not to allow: Access-Control-Allow-Origin: * on the lists.apache.org server? Assuming that it is safe to add such redirects, that would make it very easy to be able to allow testing of different versions of the GUI on the VM host when it is set up. If not, I have found that it's relatively simple to set up a proxy from the local host to lists.a.o. Even login works if the cookies are propagated. However this potentially exposes the login cookie so is probably not advisable for a public server.
