-OTHERLANGUAGES dependencies
----------------------------
-
-Pages using `OTHERLANGUAGES` must depend on any "master" and "slave"
-pages whose status is being displayed. It will trigger dependency
-loops; how to sort this out?
+Security checks
+---------------
+
+- `refreshpofiles` uses `system()`, whose args have to be checked more
+ thoroughly to prevent any security issue (command injection, etc.).
+ > Always pass `system()` a list of parameters to avoid the shell.
+ > I've checked in a change fixing that. --[[Joey]]
+- `refreshpofiles` and `refreshpot` create new files; this may need
+ some checks, e.g. using `IkiWiki::prep_writefile()`
+ > Yes, it would be ideal to call `prep_writefile` on each file
+ > that they write, beforehand. This way you'd avoid symlink attacks etc to the
+ > generated po/pot files. I haven't done it, but it seems pretty trivial.
+ > --[[Joey]]
+- Can any sort of directives be put in po files that will
+ cause mischief (ie, include other files, run commands, crash gettext,
+ whatever).
+- Any security issues on running po4a on untrusted content?
+
+gettext/po4a rough corners
+--------------------------
+
+- fix infinite loop when synchronizing two ikiwiki (when checkouts
+ live in different directories): say bla.fr.po has been updated in
+ repo2; pulling repo2 from repo1 seems to trigger a PO update, that
+ changes bla.fr.po in repo1; then pushing repo1 to repo2 triggers
+ a PO update, that changes bla.fr.po in repo2; etc.; fixed in
+ `629968fc89bced6727981c0a1138072631751fee`?
+- new translations created in the web interface must get proper
+ charset/encoding gettext metadata, else the next automatic PO update
+ removes any non-ascii chars; possible solution: put such metadata
+ into the Pot file, and let it propagate; should be fixed in
+ `773de05a7a1ee68d2bed173367cf5e716884945a`, time will tell.
+
+Misc. improvements
+------------------