spamd 3.1.0 run as username change

[Josko Plazonic <pl...@Math.Princeton.EDU>]

Hello,

I'd like to ask if there is any particular reason behind the change 
between 3.0.4 and 3.1.0 spamd in "run as username" code (say spamd -u 
spamuser -x ...)?  In 3.0.x code spamd will change uid to specified 
username much earlier than in 3.1.0.  In 3.1.0 this is done only in 
children and the parent process continues running as root.

Why am I asking?  First of all is it even necessary for parent process 
to run as root in such configuration (-u username -x ...) - securitywise 
one would like to shed root privileges wherever not required and where 
-u and -x options are used we can do it early.

More importantly - due to this change preload_modules_with_tmp_homedir 
is now always ran as root, even with -u and -x options.  I'd personally 
like to avoid any unnecessary running of any code as root but this also 
causes issues with file owneship problems in spamuser directory (again 
spamd -u spamuser -x ...).  Depending how you use -H this might cause 
certain modules to create files as root in spamuser's directory - e.g. 
with pyzor and razor - that will need to be written by spamuser later.  
Not to mention that pyzor and razor get ran as root too... 

So to get back to original question - any reason why this change was 
made and why it couldn't be undone?

Josko P.