acme/autocert/internal/acmetest/ca.go (5 lines):
	- line 7: // TODO: Consider moving this to x/crypto/acme/internal/acmetest for acme tests as well.
	- line 255: // TODO: Verify nonce header for all POST requests.
	- line 286: // TODO: Check the user account key against a ca.accountKeys?
	- line 638: // TODO: support selecting ECDSA.
	- line 660: // TODO: check the token.


acme/autocert/autocert.go (3 lines):
	- line 44: // TODO: Consider making it configurable or an exp backoff?
	- line 283: // TODO: cache error results?
	- line 562: // TODO: maybe rewrite this whole piece using sync.Once


openpgp/keys.go (3 lines):
	- line 261: // TODO: warn about skipped unsupported/unreadable keys
	- line 355: // TODO: RFC4880 5.2.1 permits signatures
	- line 393: // TODO: RFC 4880 5.2.3.15 defines revocation keys.


acme/autocert/renewal.go (1 line):
	- line 64: // TODO: rotate dr.key at some point?


openpgp/write.go (1 line):
	- line 406: // TODO: we have two of these in OpenPGP packages alone. This probably needs


sha3/sha3_s390x.s (1 line):
	- line 24: // TODO: SHAKE support


curve25519/internal/field/fe_generic.go (1 line):
	- line 249: // identity (a * 2²⁵⁵ + b = a * 19 + b) to the l4 carry. TODO inline


chacha20/xor.go (1 line):
	- line 23: // TODO: delete once the compiler does a reliably