: why does the procmail package install, by default, as setuid root?  this
   : is insecure even if procmail is supposedly OK :)
   
   It's a MDA, and can function as a replacement for mail.local.  It has to be
   able to setuid() to the destination user in order to write to that user's
   mailbox securely (and on systems where /var/mail is mode 755, in order to
   create a nonexistent mailbox).


i know *why* you _might_ want to make it setuid.  but why is this the
default?  hell, don't make my system possibly more insecure without
even telling you're doing it or give me a chance to disable it!