+* man: move .link, .network and .netdev documentation into their own
+ man pages maybe called "systemd.link(5)", "systemd.network(5)" and
+ "systemd.netdev(5)" or so.
+
+* extend device cgroup controller support to allow enabling groups of
+ device nodes, so that pts can be allowed in whole. For that,
+ introduce the syntax "block-XYZ" and "char-XYZ" in addition to the
+ existing "/dev/foobar", where XYZ then is looked up in /proc/devices
+ and mapped to one or more majors.
+
+* Add all pts device nodes to those allowed by default when the device
+ controller is used.
+
+* "busctl status" works only as root on dbus1, since we cannot read
+ /proc/$PID/exe
+
+* systemctl (and possibly related tools): support a new switch that
+ allows enumerating units in local containers recursively. "systemctl
+ list-units -R" or so should not only lists on the host, but also the
+ services in all containers in a pretty way, to give an overview of
+ the entire system. Also, maybe add "systemctl list-machines" which
+ works like "machinectl list" but includes information about the
+ health status of each registered machine. For that we should
+ probably implement something that encodes the system health status
+ in a single enum state, i.e. something like a system-wide state
+ starting → running → failed → stopping, that is based on the current
+ job queue and a check for failed services. Maybe then change
+ "systemctl status" without args to output this state along with a
+ selection of other data, such as the uptime or so.
+
+* Add a seccomp-based filter for socket() calls to limit services to
+ specific address families (for example: AF_UNIX), inspired by
+ Android's sandboxing
+
+* implement Distribute= in socket units to allow running multiple
+ service instances processing the listening socket, and open this up
+ for ReusePort=
+
+* add a timelimit to generator invocation