+* When RLIMIT_NPROC is set from a unit file it currently always is set
+ for root, not for the user set in User=, which makes it
+ useless. After fixing this, set RLIMIT_NPROC for
+ systemd-journal-xyz, and all other of our services that run under
+ their own user ids, and use User= (but only in a world where userns
+ is ubiquitous since otherwise we cannot invoke those daemons on the
+ host AND in a container anymore).
+
+* logind: maybe allow configuration of the StopTimeout for session scopes
+
+* Set NoNewPriviliges= on all of our own services, where that makes sense
+
+* Rework systemctl's GetAll property parsing to use the generic bus_map_all_properties() API
+
+* rework journald sigbus stuff to use mutex
+
+* import-dkr: support tarsum checksum verification, if it becomes reality one day...
+
+* import-dkr: convert json bits to nspawn configuration
+
+* import: support import from local files, and export to local files
+
+* core/cgroup: support net_cls modules, and support automatically allocating class ids, then add support for making firewall changes depending on it, to implement a per-service firewall
+
+* introduce systemd-nspawn-ephemeral@.service, and hook it into "machinectl start" with a new --ephemeral switch
+
+* logind,machined: add generic catch-all polkit verbs for most privileged operations, similar to systemd itself
+
+* "machinectl status" should also show internal logs of the container in question
+
+* "machinectl list-images" should show os-release data, as well as machine-info data (including deployment level)