+`Term::ReadKey` is not a hard dependency in our case, *i.e.* po4a
+works nicely without it. But the po4a Debian package recommends
+`libterm-readkey-perl`, so it will probably be installed on most
+systems using the po plugin.
+
+If `$ENV{COLUMNS}` is not set, `Locale::Po4a::Common` uses
+`Term::ReadKey::GetTerminalSize()` to get the terminal size. How safe
+is this?
+
+Part of `Term::ReadKey` is written in C. Depending on the runtime
+platform, this function use ioctl, environment, or C library function
+calls, and may end up running the `resize` command (without
+arguments).
+
+IMHO, using Term::ReadKey has too far reaching implications for us to
+be able to guarantee anything wrt. security. Since it is anyway of no
+use in our case, I suggest we define `ENV{COLUMNS}` before loading
+`Locale::Po4a::Common`, just to be on the safe side. Joey?
+[[--intrigeri]]
+
+### msgmerge
+
+`refreshpofiles()` runs this external program. A po4a developer
+answered he does "not expect any security issues from it".
+
+### Fuzzing input
+
+I was not able to find any public information about gettext or po4a
+having been tested with a fuzzing program, such as `zzuf` or `fusil`.
+Moreover, some gettext parsers seem to be quite
+[easy to crash](http://fusil.hachoir.org/trac/browser/trunk/fuzzers/fusil-gettext),
+so it might be useful to bang msgmerge/po4a's heads against such
+a program in order to easily detect some of the most obvious DoS.
+[[--intrigeri]]
+
+> po4a was not fuzzy-tested, but according to one of its developers,
+> "it would be really appreciated". [[--intrigeri]]
+
+gettext/po4a rough corners
+--------------------------
+
+- fix infinite loop when synchronizing two ikiwiki (when checkouts
+ live in different directories): say bla.fr.po has been updated in
+ repo2; pulling repo2 from repo1 seems to trigger a PO update, that
+ changes bla.fr.po in repo1; then pushing repo1 to repo2 triggers
+ a PO update, that changes bla.fr.po in repo2; etc.; quickly fixed in
+ `629968fc89bced6727981c0a1138072631751fee`, by disabling references
+ in Pot files. Using `Locale::Po4a::write_if_needed` might be
+ a cleaner solution. (warning: this function runs the external
+ `diff` program, have to check security)
+- new translations created in the web interface must get proper
+ charset/encoding gettext metadata, else the next automatic PO update
+ removes any non-ascii chars; possible solution: put such metadata
+ into the Pot file, and let it propagate; should be fixed in
+ `773de05a7a1ee68d2bed173367cf5e716884945a`, time will tell.
+
+Misc. improvements
+------------------
+
+### page titles
+
+Use nice page titles from meta plugin in links, as inline already
+does. This is actually a duplicate for
+[[bugs/pagetitle_function_does_not_respect_meta_titles]], which might
+be fixed by something like [[todo/using_meta_titles_for_parentlinks]].
+
+### source files format
+
+Markdown is supported, great, but what about others? The set of file
+formats supported both in ikiwiki and po4a probably is greater than
+`{markdown}`. Warning: the po4a modules are the place where one can
+expect security issues.
+
+Translation quality assurance
+-----------------------------
+
+Modifying a PO file via the CGI must be forbidden if the new version
+is not a valid PO file. As a bonus, check that it provides a more
+complete translation than the existing one.
+
+A new `cansave` type of hook would be needed to implement this.
+
+Note: committing to the underlying repository is a way to bypass
+this check.