Matt Beaumont wrote: > Good idea in principle, but a malicious package will just arrange to > tell J. Random User to run the install with whatever dangerous flags > allow the malware to do its thing, This whole discussion is entirely pointless. On modern systems, installing software is *by definition* highly dangerous, no matter what. If you let someone drop files in places of their choosing (or even with a few restrictions), you've basically agreed to give up control of your machine. Consider how many packages need to install startup scripts or cron jobs. And consider how those could be used to compromise a system. -- David.
