Ok, I'm confused. The changelog says: * security fix: moved setuid binaries to /usr/lib/man-db and added shell wrapper to execute as user nobody when invoked by root. This would avoid having anybody running man as root, or cron running mandb. Was this done out of sheer paranioa, or is there a real security hole this addresses? -- see shy jo