+* Run most system services with cgroupfs read-only and procfs with a more secure mode (doesn't work, since the hidepid= option is per-pid-namespace, not per-mount)
+
+* sd-event: generate a failure of a default event loop is executed out-of-thread
+
+* expose "Locked" property on logind sesison objects
+
+* add bus api to query unit file's X fields.
+
+* consider adding RuntimeDirectoryUser= + RuntimeDirectoryGroup=
+
+* sd-event: define more intervals where we will shift wakeup intervals around in, 1h, 6h, 24h, ...
+
+* gpt-auto-generator:
+ - Support LUKS for root devices
+ - Define new partition type for encrypted swap? Support probed LUKS for encrypted swap?
+ - Make /home automount rather than mount?
+
+* improve journalctl performance by loading journal files
+ lazily. Encode just enough information in the file name, so that we
+ do not have to open it to know that it is not interesting for us, for
+ the most common operations.
+
+* add generator that pulls in systemd-network from containers when
+ CAP_NET_ADMIN is set, more than the loopback device is defined, even
+ when it is otherwise off
+
+* MessageQueueMessageSize= and RLimitFSIZE= (and suchlike) should use parse_iec_size().
+
+* "busctl status" works only as root on dbus1, since we cannot read
+ /proc/$PID/exe
+
+* implement Distribute= in socket units to allow running multiple
+ service instances processing the listening socket, and open this up
+ for ReusePort=
+
+* socket units: support creating sockets in different namespace,
+ opening it up for JoinsNamespaceOf=. This would require to fork off
+ a tiny process that joins the namespace and creates/binds the socket
+ and passes this back to PID1 via SCM_RIGHTS. This also could be used
+ to allow Chown/chgrp on sockets without requiring NSS in PID 1.
+
+* New service property: maximum CPU and wallclock runtime for a service
+
+* introduce bus call FreezeUnit(s, b), as well as "systemctl freeze
+ $UNIT" and "systemctl thaw $UNIT" as wrappers around this. The calls
+ should SIGSTOP all unit processes in a loop until all processes of
+ it are fully stopped. This can later be used for app management by
+ desktop UIs such as gnome-shell to freeze apps that are not visible
+ on screen, not unlike how job control works on the shell
+
+* completions:
+ - manager property enumeration was broken when systemd moved to /usr/lib/
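Review bot: The first added entry states in its own parenthetical that the procfs half cannot work ("the hidepid= option is per-pid-namespace, not per-mount"), so it mixes an open task (cgroupfs read-only for most system services) with one already found infeasible. Split it so the read-only cgroupfs hardening stays as a task, and drop the procfs part or reword it to state the per-pid-namespace constraint as the open problem. Two wording slips in the same hunk: "sesison" in the logind entry should be "session", and "generate a failure of a default event loop is executed out-of-thread" in the first sd-event entry presumably means "if a default event loop". The "add bus api to query unit file's X fields" entry does not say which fields are meant.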