diff --git a/backupninja b/backupninja
index ea7304e115918c95f839b293dd4156cc6dac14f5..d653144a66520082f9ffd0472d59533a59c4f025 100755
--- a/backupninja
+++ b/backupninja
@@ -131,6 +131,23 @@ function setsection() {
 	CURRENT_SECTION=$1
 }
 
+
+#
+# create a temporary file in a secure way.
+#
+function maketemp() {
+	if [ -x /bin/mktemp ]
+	then
+		local tempfile=`mktemp /tmp/$1.XXXXXXXX`
+	else
+		DATE=`date`
+		sectmp=`echo $DATE | /usr/bin/md5sum | cut -d- -f1`
+		local tempfile=/tmp/$1.$sectmp
+	fi
+	echo $tempfile
+}
+
+
 #
 # sets a global var with name equal to $1
 # to the value of the configuration parameter $1
@@ -305,14 +322,7 @@ function process_action() {
 	let "actions_run += 1"
 
 	# call the handler:
-	if [ -x /bin/mktemp ]
-	then
-		local bufferfile=`mktemp /tmp/backupninja.buffer.XXXXXXXX`
-	else
-		DATE=`date`
-		sectmp=`echo $DATE | /usr/bin/md5sum | cut -d- -f1`
-		local bufferfile=/tmp/backupninja.buffer.$sectmp
-	fi
+	local bufferfile=`maketemp backupninja.buffer`
 	echo "" > $bufferfile
 	echo_debug_msg=1
 	(
diff --git a/changelog b/changelog
index 46227d4cc88c687e23d1b1000a8eff443d7e183b..ee0d7271a1407b1e283a6a59f08392af9c3abb63 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,8 @@
+version 0.9 -- unreleased
 	removed erroneous magic file marker in pgsql handler
 	fixed insecure temporary file creation
 	fixed incorrect find positional
+	
 version 0.8 -- September 15 2005
 	added pgsql (PostgreSQL) handler, with vservers support.
 	added vservers support to duplicity handler
diff --git a/handlers/maildir b/handlers/maildir
index 0af8ff7c7d66e320cc6c5f5c84c80ea6c66c2a4a..5219bef54a32f03072cec111c89b43d14901a62e 100644
--- a/handlers/maildir
+++ b/handlers/maildir
@@ -12,7 +12,17 @@
 #    weekly.2
 #    monthly.1
 #  if keepdaily is 3, keepweekly is 2, and keepmonthly is 1. 
-# 
+#
+#  The basic algorithm is to rsync each maildir individually,
+#  and to use hard links for retaining historical data.
+#
+#  We rsync each maildir individually because it becomes very
+#  unweldy to start a single rsync of many hundreds of thousands
+#  of files. 
+#
+#  For the backup rotation to work, destuser must be able to run 
+#  arbitrary bash commands on the desthost.
+#
 ##############################################################
 
 getconf rotate yes
@@ -101,8 +111,8 @@ $dir $destuser@$desthost:$destdir/$letter \
 # and add new ones which have just been created.
 
 function do_remove() {
-	local tmp1=/tmp/maildirtmpfile$$
-	local tmp2=/tmp/maildirtmpfile$$
+	local tmp1=`maketemp maildir-tmp-file`
+	local tmp2=`maketemp maildir-tmp-file`
 	
 	for i in a b c d e f g h i j k l m n o p q r s t u v w x y z; do
 		ls -1 "$srcdir/$i" | sort > $tmp1