diff --git a/TODO b/TODO
index b181dbf09c..251ce4f8ec 100644
--- a/TODO
+++ b/TODO
@@ -24,6 +24,13 @@ Janitorial Clean-ups:
 
 Features:
 
+* be stricter with fds we receive for the fdstore: close them asynchronously
+
+* be stricter with pid file and notify pids: don't allow them to be outside of cgroup, except if sender is privileged
+
+* calenderspec: add support for week numbers and day numbers within a
+  year. This would allow us to define "bi-weekly" triggers safely.
+
 * add support for recursive bpf firewalling as supported by the newest kernel
 
 * add bpf-based implementation of devices cgroup controller logic for compat with cgroupsv2 as supported by newest kernel
@@ -49,8 +56,6 @@ Features:
   the runtime dir as we maintain for the fdstore: i.e. keep it around as long
   as the unit is running or has a job queued.
 
-* hook up sd-bus' creds stuff with SO_PEERGROUPS
-
 * add async version of sd_bus_add_match and make use of that
 
 * support projid-based quota in machinectl for containers, and then drop