On Dec 07, Thomas Roessler <[EMAIL PROTECTED]> wrote: >> 30433 mutt: Mutt doesn't create the user's mail file as dictated by >> policy manual [...] >The reason for this is simple: From a least-privilege point of view, >the one and only privileged operation a MUA ever needs to perform is >locking and unlocking the spool file. This can nicely be put into >an external program, as mutt demostrates. Removing or creating the >user's spool file is an additional and unnecessary privileged >operation in a configuration like Debian's. It's a security breach >on systems with a mode 1777 mail spool. I think this is a very sensible rationale. If noone objects I will reassign the bugs against mutt to the policy package.
-- ciao, Marco
