symlinks:

- in general apache's symlink handling is broken and slow:
    - consider a group of folks working on a website, there's no
      SymLinksIfGroupMatch
    - consider root owned symlinks on systems allowing symlink chown(),
      root owned symlinks are moderately safe (depending on the file
      parentage)
    - consider systems with chown-away semantics, can you chown-away a
      symlink? bad
- device numbers are an alternative to chroot jails for content serving
- ~user can use user uid/gid to restrict the file served
- similarly can restrict the file ownership for a vhost
- a more general mechanism is required -- for when parts of a url tree
  are delegated to particular individuals/groups

chroot jails:

- difficult to set up correctly; could develop a tool for building a jail
- relatively easy to set up a jail for plain content; more difficult to
  set up jail for CGI
- possible to have one jail for the content (i.e. httpd itself) and
  another jail for the CGIs (exit jail via suexec). But this is probably
  worthless because CGIs frequently want access to data.
- don't want logs inside jail; but piped logs deal with that
- chroot() jail doesn't work for ~user

misc:

- ~user and vhosts, it would be nice if the vhost group determined which
  ~users are valid
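
The ownership and device-number checks from the symlinks notes above, as an added C example (not Apache code): a group-match rule next to the owner-match one, plus a same-device test against the document root. The policy flag names and both function names are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical policy bits; these names are assumptions, not httpd options. */
enum { MATCH_OWNER = 1, MATCH_GROUP = 2, SAME_DEVICE = 4 };

/* Pure decision: root = docroot, lnk = lstat() of the path,
 * target = fstat() of the opened file. Returns 1 to serve, 0 to refuse. */
int policy_allows(const struct stat *root, const struct stat *lnk,
                  const struct stat *target, int policy)
{
    if (!S_ISREG(target->st_mode))
        return 0;                      /* plain content only */
    /* Device check: content must sit on the docroot's filesystem. */
    if ((policy & SAME_DEVICE) && target->st_dev != root->st_dev)
        return 0;
    if (!S_ISLNK(lnk->st_mode))
        return 1;                      /* ownership rules apply to links */
    if ((policy & MATCH_OWNER) && lnk->st_uid != target->st_uid)
        return 0;
    /* Group variant for a shared site: link and target share a gid. */
    if ((policy & MATCH_GROUP) && lnk->st_gid != target->st_gid)
        return 0;
    return 1;
}

/* Returns a read-only fd for `path` if the policy allows it, else -1. */
int open_checked(const char *docroot, const char *path, int policy)
{
    struct stat root, lnk, target;
    int fd;

    if (stat(docroot, &root) != 0 || lstat(path, &lnk) != 0)
        return -1;
    fd = open(path, O_RDONLY | O_NONBLOCK);  /* never block on a FIFO */
    if (fd < 0)
        return -1;
    /* fstat() describes the file actually opened, so the decision is made
     * on what will be read even if the path is re-pointed afterwards.
     * The lstat()/open() pair is still two calls and can race. */
    if (fstat(fd, &target) != 0 ||
        !policy_allows(&root, &lnk, &target, policy)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The caller serves from the returned descriptor rather than reopening the path, so the checked file and the served file are the same object.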