> this is where this idea totally falls down for me.  you think i'm
   > going to trust all these programs with gid mail?
   > 
   > the concept of a single directory for multiple users' mail spools
   > _has_ to be given up before you can even dream of having a safe
   > and secure local mail delivery system.

   "Safe and Secure" is a misnomer with Unix mail under any flavor. 
   Mail is transmitted in cleartext across the internet.  How much 
   privacy do you think there is _anywhere_ in the process?

in the context of my message you quoted, safe means it won't be
corrupted by the delivery process (eg, two messages being written
to the mailbox at the same time), and secure means that no local
user can bypass the security mechanisms in place to make the
delivery _not_ safe.  i'm not at all talking about external
mail, or what is or isn't safe over the internet.

if i cared about the privacy concerns, i would use pgp for all
of my email.  i don't do that.  :-)

   The original problem was to handle the permissions problems on the 
   mail spool directory.  I believe the thread has lost sight of that, 
   and become directed at redesigning the mail process, which is 
   well beyond the scope of this thread.

the mail spool directory has to die.  it is not possible to have
a sane method of local mail delivery and also retain a single
directory for the process.