Features:
+* open up creds for uses in generators, and document clearly that encrypted
+ creds are only supported if strictly tpm bound, but not when using the host
+ secret (as that is only avilable if /var/ is around.
+
+* logind: when logging in, always take an fd to the home dir, to keep the dir
+ busy, so that autofs release can never happen. (this is generally a good
+ idea, and specifically works around the fact the autofs ignores busy by mount
+ namespaces)
+
* mount most file systems with a restrictive uidmap. e.g. mount /usr/ with a
uidmap that blocks out anything outside 0…1000 (i.e. system users) and similar.
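Review bot: In the first added entry, the parenthetical "(as that is only avilable if /var/ is around." is never closed and "avilable" is misspelled; suggest "(as that is only available if /var/ is around)". The logind entry says the fd is taken at login but not when it is released again, so it would help to state the intended lifetime (for example, until the session ends). In the same entry, "the fact the autofs ignores busy by mount namespaces" is hard to parse; something like "the fact that autofs ignores busy state held via mount namespaces" would read more clearly, if that is the intended meaning.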