+* make use of the new statx mountid and rootmount fields in path_get_mnt_id()
+ and fd_is_mount_point()
+
+* make use of new loopback setup ioctl to setup loopback devices in one atomic
+ ioctl
+
+* nspawn: move "incoming mount" directory to /run/host, move "inaccessible"
+ nodes to /run/host, move notify socket (for sd_notify() between payload and
+ container manager)
+
+* cryptsetup: if keyfile specified in crypttab is AF_UNIX socket, connect to it
+ and read from it (like we do elsewhere with READ_FULL_FILE_CONNECT_SOCKET)
+
+* repart: support setting up dm-integrity with HMAC
+
+* add /etc/integritytab, to support dm-integrity setups. In particular those
+ with HMAC as hash function, so that we can have a protected /home without
+ encryption (leaving encryption to the individual dirs/homed).
+
+* complement root=, rootflags=, rootfstype= with rootsubdir= which allows
+ mounting a subdir of the root fs as actual root. This can be used as
+ fstype-agnostic version of btrfs' rootflags=subvol=foobar.
+
+* add --copy-from and --copy-to command to systemd-dissect which copies stuff
+ in and out of a disk image
+
+* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/
+
+* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
+
+* build short web pages out of each catalog entry, build them along with man
+ pages, and include hyperlinks to them in the journal output
+
+* machined: add API to acquire UID range. add API to mount/dissect loopback
+ file. Both protected by PK. Then make nspawn use these APIs to run
+ unprivileged containers. i.e. push the truly privileged bits into machined,
+ so that the client side can remain entirely unprivileged, with SUID or
+ anything like that.
+
+* journald: do journal file writing out-of-process, with one writer process per
+ client UID, so that synthetic hash table collisions can slow down a specific
+ user's journal stream down but not the others.
+
+* add "throttling" to sd-event event sources: optionally, when we wake up too
+ often for one, let's turn it off entirely for a while. Use that for the
+ /proc/self/mountinfo logic.
+
+* move our systemd-user PAM snippet to /usr/, which PAM appears to support
+ these days
+
+* nspawn: support time namespaces
+
+* systemd-firstboot: make sure to always use chase_symlinks() before
+ reading/writing files
+
+* add ConditionSecurity=tpm2
+
+* Remove any support for booting without /usr pre-mounted in the initrd entirely.
+ Update INITRD_INTERFACE.md accordingly.
+
+* pid1: Move to tracking of main pid/control pid of units per pidfd
+
+* pid1: support new clone3() fork-into-cgroup feature
+
+* pid1: also remove PID files of a service when the service starts, not just
+ when it exits
+
+* make us use dynamically fewer deps for containers in general purpose distros:
+ o turn into dlopen() deps:
+ - libpwquality (always) - only relevant for homed, and maybe soon
+ firstboot
+ - elfutils (always)
+ - p11-kit-trust (always)
+ - kmod-libs (only when called from PID 1)
+ - cryptsetup-libs (only in RootImage= handling in PID 1, but not in systemd-cryptsetup)
+ - similar: libblkid
+ - libpam (only when called from PID 1)
+ - bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are,
+ since they are so basic and our defaults)
+ o move into separate libsystemd-shared-iptables.so .so
+ - iptables-libs (only used by nspawn + networkd)
+
+* seccomp: when SystemCallArchitectures=native is set then don't install any
+ other seccomp filters for any of the other archs, in order to reduce the
+ number of seccomp filters we install needlessly.
+
+* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can.
+ Apparently kernel performance is much better with fewer larger seccomp
+ filters than with more smaller seccomp filters.
+
+* systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum,
+ mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such
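Review bot: the machined item ("add API to acquire UID range ... unprivileged containers") contradicts itself in its last clause: "so that the client side can remain entirely unprivileged, with SUID or anything like that" reads as the opposite of the stated goal of pushing the privileged bits into machined; it presumably should say "without SUID or anything like that". Suggest changing "with SUID" to "without SUID" there. Two smaller wording nits in the same hunk: the journald item says "can slow down a specific user's journal stream down" (duplicated "down"), and the dlopen() item opens with "make us use dynamically fewer deps", which would read more naturally as "make us dynamically use fewer deps".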