Comment 9 for bug 1020904

In , Darin (darinp) wrote :

(In reply to comment #1)
> the package maintainer has not requested a setuid bit by default so far so the
> program is not audited whether it's actually safe to set it.

Per Security_packaging_policy#Setuid_binaries, only a bug report needs to be submitted to the security team; there's no mention that the maintainer need be the submitter.

Given this, can we conclude that this bug report fulfills point #1, and that point #2 is fulfilled by comment #3 of the bug report, where the source code, beginning on line #304, documents why /sbin/mount.ecryptfs_private needs to be setuid?

http://en.opensuse.org/openSUSE:Security_packaging_policy#Setuid_binaries