As for malleability, so anyone wanna say why that can't be done properly on its own without segwit?
Fair question as the signature malleability issue is quite simple to fix.
When hashing the transaction data to generate a txid, simply skip over the signature data. Everything else stays the same.
Deployment and activation would be via a hard fork set at a certain block height.
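The hashing change described in the reply above, as an added example that is not part of the original thread: it computes a transaction id over the legacy serialization with and without the scriptSig bytes, then re-encodes the signature push to show which id moves. The transaction fields, the placeholder signature and key bytes, and the function names are constructed for illustration.

```python
import hashlib
import struct

def varint(n):
    # Bitcoin CompactSize length prefix
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def serialize(tx, with_sigs=True):
    # Legacy transaction layout; with_sigs=False writes every scriptSig as empty
    out = struct.pack("<i", tx["version"]) + varint(len(tx["vin"]))
    for prev_hash, index, script_sig, sequence in tx["vin"]:
        sig = script_sig if with_sigs else b""
        out += prev_hash + struct.pack("<I", index)
        out += varint(len(sig)) + sig + struct.pack("<I", sequence)
    out += varint(len(tx["vout"]))
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def txid(tx, with_sigs=True):
    # Double SHA-256 of the serialization, shown in the usual reversed-hex form
    digest = hashlib.sha256(hashlib.sha256(serialize(tx, with_sigs)).digest()).digest()
    return digest[::-1].hex()

def malleate(tx):
    # Same pushed data, different encoding: prefixing OP_PUSHDATA1 (0x4c) turns the
    # leading direct push into a non-minimal push of the same signature bytes
    vin = [(h, i, b"\x4c" + s, q) for h, i, s, q in tx["vin"]]
    return {**tx, "vin": vin}

# Constructed sample data, not a real signature, key or transaction
SIG = bytes(range(71))
PUB = b"\x02" + bytes(32)
TX = {"version": 1, "locktime": 0,
      "vin": [(bytes(32), 0, bytes([71]) + SIG + bytes([33]) + PUB, 0xffffffff)],
      "vout": [(50_000, b"\x76\xa9\x14" + bytes(20) + b"\x88\xac")]}

if __name__ == "__main__":
    for label, t in (("original ", TX), ("malleated", malleate(TX))):
        print(label, "full:", txid(t)[:16], "no-sig:", txid(t, with_sigs=False)[:16])
```

The id computed without signature data is identical for both encodings, while the full-serialization id differs.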