> > If you missed the last email in Bug#264011, please read it now. > > Sorry, I forgot about the previous bug and I could not find it in the > current bug list. > > For the record, I heavily disagree to your reasoning. You will help > people to lose mail (and much more) if you run programs as root > without any reason (especially for programs which code is as messy as > procmail), and making it easy for people to close this hole is by no > way worthless.
I understand that you want to have as few suid programs as possible in the system, but it's not as if procmail was being careless with the suid bit, it changes privileges to the user is delivering to as soon as it can. I agree that it should be easy to remove the suid bit, but I think it's already easy enough to remove the suid bit, using dpkg-statoverride. Is there really not a way to tell people to use dpkg-statoverride other than using debconf? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]