NEWS: shorten/reword some things

NEWS

@@ -8,14 +8,15 @@ CHANGES WITH 247 in spe:
           and propagate these new event types. The introduction of these new
           uevents (which are typically generated for USB devices and devices
           needing a firmware upload before being functional) resulted in a
-          number of software issues, we so far didn't address (mostly because
+          number of issues which we so far didn't address. We hoped the kernel
-          there was hope the kernel maintainers would themselves address these
+          maintainers would themselves address these issues in some form, but
-          issues in some form – which did not happen). To handle them properly,
+          that did not happen. To handle them properly, many (if not most) udev
-          many (if not most) udev rules files shipped in various packages need
+          rules files shipped in various packages need updating, and so do many
-          updating, and so do many programs that monitor or enumerate devices
+          programs that monitor or enumerate devices with libudev or sd-device,
-          with libudev or sd-device, or otherwise process uevents. Please note
+          or otherwise process uevents. Please note that this incompatibility
-          that this incompatibility is not fault of systemd or udev, but caused
+          is not fault of systemd or udev, but caused by an incompatible kernel
-          by an incompatible kernel change that happened back in Linux 4.12.
+          change that happened back in Linux 4.12, but is becoming more and
+          more visible as the new uvents are generated by more kernel drivers.
 
           To minimize issues resulting from this kernel change (but not avoid
           them entirely) starting with systemd-udevd 247 the udev "tags"
@@ -40,8 +41,8 @@ CHANGES WITH 247 in spe:
           device. To accommodate for this a new automatic property CURRENT_TAGS
           has been added that works similar to the existing TAGS property but
           only lists tags set by the most recent uevent/database
-          update. Similar, the libudev/sd-device API has been updated with new
+          update. Similarly, the libudev/sd-device API has been updated with
-          functions to enumerate these 'current' tags, in addition to the
+          new functions to enumerate these 'current' tags, in addition to the
           existing APIs that now enumerate the 'sticky' ones.
 
           To properly handle "bind"/"unbind" on Linux 4.12 and newer it is
@@ -53,12 +54,12 @@ CHANGES WITH 247 in spe:
             ACTION=="remove",GOTO="xyz_end" instead, so that the
             properties/tags they add are also applied whenever "bind" (or
             "unbind") is seen. (This is most important for all physical device
-            types — as that's for which "bind" and "unbind" are currently
+            types — those for which "bind" and "unbind" are currently
-            usually generated, for all other device types this change is still
+            generated, for all other device types this change is still
             recommended but not as important — but certainly prepares for
             future kernel uevent type additions).
 
-          • Similar, all code monitoring devices that contains an 'if' branch
+          • Similarly, all code monitoring devices that contains an 'if' branch
             discerning the "add" + "change" uevent actions from all other
             uevents actions (i.e. considering devices only relevant after "add"
             or "change", and irrelevant on all other events) should be reworked
@@ -86,10 +87,10 @@ CHANGES WITH 247 in spe:
           behaviour change.
 
         * The MountAPIVFS= service file setting now defaults to on if
-          RootImage= and RootDirectory= are used, ensuring that use of these
+          RootImage= and RootDirectory= are used, which means that with those
-          two settings ensures /proc/, /sys/ and /dev/ are properly set up for
+          two settings /proc/, /sys/ and /dev/ are automatically properly set
-          services. By explicitly turning off these settings old behaviour may
+          up for services. Previous behaviour may be restored by explicitly
-          be restored.
+          setting MountAPIVFS=off.
 
         * Since PAM 1.2.0 (2015) configuration snippets may be placed in
           /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
@@ -103,9 +104,7 @@ CHANGES WITH 247 in spe:
           packages' vendor versions of their PAM stack definitions from
           /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
           desired the location to which systemd installs its PAM stack
-          configuration file may be changed via the "pamconfdir" meson variable
+          configuration may be changed via the -Dpamconfdir Meson option.
-          at build time, optionally undoing this change of default paths
-          introduced with systemd 247.
 
         * The runtime dependencies on libqrencode, libpcre2, libpwquality and
           libcryptsetup have been changed to be based on dlopen(): instead of
@@ -119,12 +118,11 @@ CHANGES WITH 247 in spe:
           of these "weak" dependencies should they be installed. Since many
           package managers automatically synthesize package dependencies from
           ELF shared library dependencies, some additional manual packaging
-          work has to be done now to replace this (and the dependencies
+          work has to be done now to replace those (slightly downgraded from
-          downgraded slightly from "required" to "recommended" or whatever is
+          "required" to "recommended" or whatever is conceptually suitable for
-          conceptually suitable for the used package manager). Note that this
+          the package manager). Note that this change does not alter build-time
-          change does not alter build-time behaviour: as before the build-time
+          behaviour: as before the build-time dependencies have to be installed
-          dependencies have to be installed during build, even if they now are
+          during build, even if they now are optional during runtime.
-          optional during runtime.
 
         * sd-event.h gained a new call sd_event_add_time_relative() for
           installing timers relative to the current time. This is mostly a
@@ -139,8 +137,8 @@ CHANGES WITH 247 in spe:
           mounting additional disk images into the file system tree accessible
           to the service.
 
-        * systemd-repart now optionally outputs what it does in JSON format,
+        * systemd-repart now generates JSON output when requested with the new
-          using the new --json= switch.
+          --json= switch.
 
         * systemd-machined's OpenMachineShell() bus call will now pass
           additional policy metadata data fields to the PolicyKit
@@ -154,21 +152,21 @@ CHANGES WITH 247 in spe:
           created or modified, since those mount points should probably remain
           empty.
 
-        * systemd-tmpfiles gained a new --image= switch which is like --root=
+        * systemd-tmpfiles gained a new --image= switch which is like --root=,
-          but takes a disk image instead of a directory as argument. If
+          but takes a disk image instead of a directory as argument. The
-          specified the disk image is mounted (inside a temporary mount
+          specified disk image is mounted inside a temporary mount namespace
-          namespace) and the tmpfiles.d/ drop-ins stored in the image executed
+          and the tmpfiles.d/ drop-ins stored in the image are executed and
-          and applied to the image. Similar, systemd-sysusers gained a new
+          applied to the image. systemd-sysusers similarly gained a new
-          --image= switch, that allows applying the sysusers.d/ drop-ins stored
+          --image= switch, that allows the sysusers.d/ drop-ins stored in the
-          in the image onto the image.
+          image to be applied onto the image.
 
-        * Similar, the journalctl command also gained an --image= switch, which
+        * Similarly, the journalctl command also gained an --image= switch,
-          is a quick one-step solution to look at the log data included in OS
+          which is a quick one-step solution to look at the log data included
-          disk images.
+          in OS disk images.
 
         * journalctl's --output=cat option (which outputs the log content
           without any metadata, just the pure text messages) will now make use
-          of terminal colors when run on a suitable terminal, similar to the
+          of terminal colors when run on a suitable terminal, similarly to the
           other output modes.
 
         * JSON group records now support a "description" string that may be
@@ -178,15 +176,14 @@ CHANGES WITH 247 in spe:
 
         * The "systemd-dissect" tool that may be used to inspect OS disk images
           and that was previously installed to /usr/lib/systemd/ has now been
-          moved to /usr/bin/, reflecting that it's now considered an officially
+          moved to /usr/bin/, reflecting its updated status of an officially
           supported tool with a stable interface. It gained support for a new
           --mkdir switch which when combined with --mount has the effect of
           creating the directory to mount the image to if it is missing
           first. It also gained two new commands --copy-from and --copy-to for
           copying files and directories in and out of an OS image without the
           need to manually mount it. It also acquired support for a new option
-          --json= which controls whether to generate JSON output when
+          --json= to generate JSON output when inspecting an OS image.
-          inspecting an OS image.
 
         * The cgroup2 file system is now mounted with the
           "memory_recursiveprot" mount option, supported since kernel 5.7. This
@@ -195,28 +192,27 @@ CHANGES WITH 247 in spe:
 
         * systemd-homed now defaults to using the btrfs file system — if
           available — when creating home directories in LUKS volumes. This may
-          be changed with the DefaultFileSystemType= setting in
+          be changed with the DefaultFileSystemType= setting in homed.conf.
-          homed.conf. It's now the default file system in various major
+          It's now the default file system in various major distributions and
-          distributions and has the major benefit for homed that it can be both
+          has the major benefit for homed that it can be grown and shrunk while
-          grown and shrunk while mounted, unlike the other contenders ext4 and
+          mounted, unlike the other contenders ext4 and xfs, which can both be
-          xfs, which can both be grown online, but not shrunk (in fact xfs is
+          grown online, but not shrunk (in fact xfs is the technically most
-          the technically most limited option here, as it cannot be shrunk at
+          limited option here, as it cannot be shrunk at all).
-          all).
 
         * JSON user records managed by systemd-homed gained support for
           "recovery keys". These are basically secondary passphrases that can
-          unlock user accounts/home directories, which are computer-generated
+          unlock user accounts/home directories. They are computer-generated
-          rather than user-chosen, and typically have greater
+          rather than user-chosen, and typically have greater entropy.
-          entropy. homectl's --recovery-key= option may be used to add a
+          homectl's --recovery-key= option may be used to add a recovery key to
-          recovery key to a user account. The generated recovery key is
+          a user account. The generated recovery key is displayed as a QR code,
-          displayed as QR code, so that it can be scanned off screen to be kept
+          so that it can be scanned to be kept in a safe place. This feature is
-          at a safe place. This concept is particularly useful in combination
+          particularly useful in combination with systemd-homed's support for
-          with systemd-homed's support for FIDO2 or PKCS#11 authentication, as
+          FIDO2 or PKCS#11 authentication, as a secure fallback in case the
-          a secure fallback in case the security tokens are lost. Recovery keys
+          security tokens are lost. Recovery keys may be entered wherever the
-          may be entered wherever the system asks for a password.
+          system asks for a password.
 
         * systemd-homed now maintains a "dirty" flag for each LUKS encrypted
-          home directory that indicates whether a home directory has been
+          home directory which indicates that a home directory has not been
           deactivated cleanly when offline. This flag is useful to identify
           home directories for which the offline discard logic did not run when
           offlining, and where it would be a good idea to log in again to catch
@@ -231,29 +227,28 @@ CHANGES WITH 247 in spe:
 
         * systemd-nspawn has been reworked to use the /run/host/incoming/ as
           place to use for propagating external mounts into the
-          container. Similar /run/host/notify is now used as socket path for
+          container. Similarly /run/host/notify is now used as the socket path
-          container payloads to communicate with the container manager using
+          for container payloads to communicate with the container manager
-          sd_notify(). In the /run/host/inaccessible/ directory the container
+          using sd_notify(). The container manager now uses the
-          manager now places "inaccessible" file nodes of all relevant types
+          /run/host/inaccessible/ directory to place "inaccessible" file nodes
-          which may be used by the container payload as bind mount source to
+          of all relevant types which may be used by the container payload as
-          over-mount inodes that shall be made inaccessible
+          bind mount source to over-mount inodes to make them inaccessible.
-          with. /run/host/container-manager will now be initialized to the same
+          /run/host/container-manager will now be initialized with the same
-          string that the $container environment variable passed to the
+          string as the $container environment variable passed to the
-          container's PID 1 contains. /run/host/container-uuid will be
+          container's PID 1. /run/host/container-uuid will be initialized with
-          initialized to the same string $container_uuid is set to. This means
+          the same string as $container_uuid. This means the /run/host/
-          the /run/host/ hierarchy is now the primary way how host resources
+          hierarchy is now the primary way to make host resources available to
-          are made available to containers. The Container Interface documents
+          the container. The Container Interface documents these new files and
-          these new files and directories:
+          directories:
 
           https://systemd.io/CONTAINER_INTERFACE
 
         * Support for the "ConditionNull=" unit file condition has been
-          removed. It has been deprecated and undocumented for 6 years
+          deprecated and undocumented for 6 years. systemd started to warn
-          now. systemd started to warn about its use 1.5 years ago. It has now
+          about its use 1.5 years ago. It has now been removed entirely.
-          been removed entirely.
 
         * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
-          systemd-nspawn all system call filter collisions will be logged by
+          systemd-nspawn all system call filter violations will be logged by
           the kernel (audit). This is useful for tracking down system calls
           invoked by container payloads that are prohibited by the container's
           system call filter policy.
@@ -264,7 +259,7 @@ CHANGES WITH 247 in spe:
           useful in cases where multiple errors shall be handled the same way.
 
         * A new system call filter list "@known" has been added, that contains
-          all system calls known at build-time of systemd.
+          all system calls known at the time systemd was built.
 
         * Behaviour of system call filter allow lists has changed slightly:
           system calls that are contained in @known will result in a EPERM by
@@ -276,24 +271,22 @@ CHANGES WITH 247 in spe:
           applications.
 
         * Two new unit file settings ProtectProc= and ProcSubset= have been
-          added that expose the hidepid= and subset= mount options of
+          added that expose the hidepid= and subset= mount options of procfs.
-          procfs. When used on services all processes inside it will only see
+          All processes of the unit will only see processes in /proc that are
-          processes in /proc that are are owned by the service's user
+          are owned by the unit's user. This is an important new sandboxing
-          themselves. This is an important new sandboxing option that is
+          option that is recommended to be set on all system services. All
-          recommended to be set on all system services where that's
+          long-running system services that are included in systemd itself set
-          possible. All long-running system services that are included in
+          this option now. This option is only supported on kernel 5.8 and
-          systemd itself set this option now. This option is only supported on
+          above, since the hidepid= option supported on older kernels was not a
-          kernel 5.8 and above, since the hidepid= option supported on older
+          per-mount option but actually applied to the whole PID namespace.
-          kernels was not a per-mount option but actually applied to the whole
-          PID namespace.
 
         * Socket units gained a new boolean setting FlushPending=. If enabled
           all pending socket data/connections are flushed whenever the socket
           unit enters the "listening" state, i.e. after the associated service
           exited.
 
-        * The unit file setting NUMAMask= gained a new "all" value: if set, all
+        * The unit file setting NUMAMask= gained a new "all" value: when used,
-          existing NUMA nodes are added to the NUMA mask.
+          all existing NUMA nodes are added to the NUMA mask.
 
         * A new "credentials" logic has been added to system services. This is
           a simple mechanism to pass privileged data to services in a safe and
@@ -302,61 +295,61 @@ CHANGES WITH 247 in spe:
           private information such as user names, certificates, and similar to
           system services. Each credential is identified by a short user-chosen
           name and may contain arbitrary binary data. Two new unit file
-          settings have been added for this: SetCredential= and
+          settings have been added: SetCredential= and LoadCredential=. The
-          LoadCredential=. The former allows setting a credential to a literal
+          former allows setting a credential to a literal string, the latter
-          string, the latter sets a credential to the contents of a file (or
+          sets a credential to the contents of a file (or data read from a
-          data read from a user-chosen AF_UNIX stream socket). Credentials are
+          user-chosen AF_UNIX stream socket). Credentials are passed to the
-          passed to the service via a special credentials directory whose path
+          service via a special credentials directory, one file for each
-          is passed in the new $CREDENTIALS_DIRECTORY environment variable,
+          credential. The path to the credentials directory is passed in a new
-          which contains one file for each credential. Since the credentials
+          $CREDENTIALS_DIRECTORY environment variable. Since the credentials
           are passed in the file system they may be easily referenced in
-          ExecStart= command lines too, thus not requiring any explicit support
+          ExecStart= command lines too, thus no explicit support for the
-          for the credentials logic in daemons (though ideally daemons would
+          credentials logic in daemons is required (though ideally daemons
-          look for the bits they need in $CREDENTIALS_DIRECTORY themselves
+          would look for the bits they need in $CREDENTIALS_DIRECTORY
-          automatically, if set). The $CREDENTIALS_DIRECTORY is backed by
+          themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
-          unswappable memory (if privileges allow it), is immutable (also if
+          backed by unswappable memory if privileges allow it, immutable if
-          privileges allow it), is accessible only to the service's UID, and is
+          privileges allow it, is accessible only to the service's UID, and is
-          automatically destroyed when the service goes down.
+          automatically destroyed when the service stops.
 
         * systemd-nspawn supports the same credentials logic. It can both
           consume credentials passed to it via the aforementioned
           $CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
           to its payload. The service manager/PID 1 has been updated to match
           this: it can also accept credentials from the container manager that
-          invokes it (in fact: any process that invokes it), and pass it on to
+          invokes it (in fact: any process that invokes it), and passes them on
-          its services. Thus, credentials can be propagated fully down the
+          to its services. Thus, credentials can be propagated recursively down
-          tree: from a system's service manager to a systemd-nspawn service, to
+          the tree: from a system's service manager to a systemd-nspawn
-          the service manager tat runs as container payload and to the service
+          service, to the service manager that runs as container payload and to
-          it runs below. Credentials may also be added on the systemd-nspawn
+          the service it runs below. Credentials may also be added on the
-          command line, using the new --set-credential= and --load-credential=
+          systemd-nspawn command line, using new --set-credential= and
-          command line switches, that match the aforementioned service
+          --load-credential= command line switches that match the
-          settings.
+          aforementioned service settings.
 
         * systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
           the partition drop-ins which may be used to format/LUKS
           encrypt/populate any created partitions. The partitions are
           encrypted/formatted/populated before they are registered in the
-          partition table, so that they appear "atomically": either the
+          partition table, so that they appear atomically: either the
-          partitions do not exist yet or they exist fully
+          partitions do not exist yet or they exist fully encrypted, formatted,
-          encrypted/formatted/populated — there is no time window where they
+          and populated — there is no time window where they are
-          are "half-initialized". Thus the system is robust to abrupt shutdown:
+          "half-initialized". Thus the system is robust to abrupt shutdown: if
-          if the tool is terminated half-way during its operations on next boot
+          the tool is terminated half-way during its operations on next boot it
-          it will start from the beginning.
+          will start from the beginning.
 
         * systemd-repart's --size= operation gained a new "auto" value. If
           specified, and operating on a loopback file it is automatically sized
           to the minimal size the size constraints permit. This is useful to
           use "systemd-repart" as an image builder for minimally sized images.
 
-        * systemd-resolved now supports a third IPC interface for requesting
+        * systemd-resolved now gained a third IPC interface for requesting name
-          name resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
+          resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
-          interface is now supported. The nss-resolve NSS modules has been
+          interface is now supported. The nss-resolve NSS module has been
-          modified to use this new interface instead of D-Bus now. Using
+          modified to use this new interface instead of D-Bus. Using Varlink
-          Varlink has a major benefit over D-Bus: it works without a broker
+          has a major benefit over D-Bus: it works without a broker service,
-          service, and thus already during earliest boot, before dbus-daemon is
+          and thus already during earliest boot, before the dbus daemon has
-          invoked (which is a late boot service). This means name resolution
+          been started. This means name resolution via systemd-resolved now
-          via systemd-resolved now works at the same time systemd-networkd
+          works at the same time systemd-networkd operates: from earliest boot
-          operates: from earliest boot on, including in the initrd.
+          on, including in the initrd.
 
         * systemd-resolved gained support for a new DNSStubListenerExtra=
           configuration file setting which may be used to specify additional IP
@@ -366,8 +359,8 @@ CHANGES WITH 247 in spe:
         * Name lookups issued via systemd-resolved's D-Bus and Varlink
           interfaces (and thus also via glibc NSS if nss-resolve is used) will
           now honour a trailing dot in the hostname: if specified the search
-          path logic is turned off. Thus "resolvectl query foo.bar." is now
+          path logic is turned off. Thus "resolvectl query foo." is now
-          equivalent to "resolvectl query --search=off foo.bar".
+          equivalent to "resolvectl query --search=off foo.".
 
         * systemd-resolved gained a new D-Bus property "ResolvConfMode" that
           exposes how /etc/resolv.conf is currently managed: by resolved (and
@@ -375,14 +368,16 @@ CHANGES WITH 247 in spe:
           this property in its status output.
 
         * The resolv.conf snippets systemd-resolved provides will now set "."
-          as search domain if no other search domain is known. This turns off
+          as the search domain if no other search domain is known. This turns
-          behaviour in glibc that an implicit search domain is derived from the
+          off the derivation of an implicit search domain by nss-dns for the
-          local system's hostname if it is set to an FQDN.
+          hostname, when the hostname is set to an FQDN. This change is done to
+          make nss-dns using resolv.conf provided by systemd-resolved behave
+          more similarly to nss-resolve.
 
         * systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
           /tmp/ and /var/tmp/ based on file timestamps) now looks at the
-          "birth" time (btime) of a file in addition to the atime, mtime,
+          "birth" time (btime) of a file in addition to the atime, mtime, and
-          ctime, to determine if it should be kept or deleted.
+          ctime.
 
         * systemd-analyze gained a new verb "capability" that lists all known
           capabilities by the systemd build and by the kernel.
@@ -395,12 +390,12 @@ CHANGES WITH 247 in spe:
           having to rebuild systemd.
 
         * systemd-logind will now listen to the KEY_RESTART key from the Linux
-          input layer and reboot the system if it is pressed, similar to how it
+          input layer and reboot the system if it is pressed, similarly to how
-          already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART was
+          it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
-          originally defined in a Multimedia context (to restart playback of a
+          was originally defined in the Multimedia context (to restart playback
-          song or film), but is now primarily used in various embedded devices
+          of a song or film), but is now primarily used in various embedded
-          for "Reboot" buttons. Accordingly, systemd-logind will now honour it
+          devices for "Reboot" buttons. Accordingly, systemd-logind will now
-          as such. This may configured in more detail via the new
+          honour it as such. This may configured in more detail via the new
           HandleRebootKey= and RebootKeyIgnoreInhibited=.
 
         * systemd-nspawn/systemd-machined will now reconstruct hardlinks when
@@ -424,12 +419,12 @@ CHANGES WITH 247 in spe:
           now be marked to be independent of any underlying network interface
           via the new Independent= boolean setting.
 
-        * systemctl gained support for two new verbs: "log-level" and
+        * systemctl gained support for two new verbs: "service-log-level" and
-          "log-target" which may be used on services that implement the generic
+          "service-log-target" may be used on services that implement the
-          org.freedesktop.LogControl1 D-Bus interface for dynamically adjusting
+          generic org.freedesktop.LogControl1 D-Bus interface to dynamically
-          the log level and target. All of systemd's long-running services
+          adjust the log level and target. All of systemd's long-running
-          support this now, but ideally any system service would implement this
+          services support this now, but ideally all system services would
-          interface to make the system more uniformly inspectable and
+          implement this interface to make the system more uniformly
           debuggable.
 
         * The SystemCallErrorNumber= unit file setting now accepts the new
@@ -441,7 +436,7 @@ CHANGES WITH 247 in spe:
           list of syscalls that shall be logged about (audit).
 
         * The OS image dissection logic (as used by RootImage= in unit files or
-          systemd-nspawn's --image= switch) has learnt support for identifying
+          systemd-nspawn's --image= switch) has gained support for identifying
           and mounting explicit /usr/ partitions, which are now defined in the
           discoverable partition specification. This should be useful for
           environments where the root file system is
@@ -461,21 +456,21 @@ CHANGES WITH 247 in spe:
           will now log the thread ID in their log output. This is useful when
           working with heavily threaded programs.
 
-        * If the SYSTEMD_RDRAND enviroment variable is set to "0" systemd's use
+        * If the SYSTEMD_RDRAND enviroment variable is set to "0", systemd will
-          of the RDRAND CPU instruction is disabled. This is useful in
+          not use the RDRAND CPU instruction. This is useful in environments
-          environments such as replay debuggers where CPU level
+          such as replay debuggers where non-deterministic behaviour is not
-          non-deterministic behaviour is not desirable.
+          desirable.
 
         * When building systemd the Meson option
-         "compat-mutable-uid-boundaries" may now be specified. If so systemd
+          -Dcompat-mutable-uid-boundaries may now be specified. If enabled,
-         reads the system UID boundaries from /etc/login.defs, instead of using
+          systemd reads the system UID boundaries from /etc/login.defs, instead
-         the built-in values selected during build-time. This is an option to
+          of using the built-in values selected during build-time. This is an
-         improve compatibility for upgrades from old systems. It's strongly
+          option to improve compatibility for upgrades from old systems. It's
-         recommended not to make use of this functionality on new systems (or
+          strongly recommended not to make use of this functionality on new
-         even enable it during build), as it makes something
+          systems (or even enable it during build), as it makes something
-         runtime-configurable that is mostly an implementation detail of the
+          runtime-configurable that is mostly an implementation detail of the
-         OS, and permits avoidable differences in deployments that create all
+          OS, and permits avoidable differences in deployments that create all
-         kinds of problems in the long run.
+          kinds of problems in the long run.
 
 
 CHANGES WITH 246: