-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.os.linux.slackware, Pawel Kot dared to utter,
>> tar retains
>> ownership and permissions of files. if you were to create a package as
>> user and then install it as root system-wide, the files *and* the
>> directories in the package would obtain ownership and permissions of the
>> user that created the package.
>
> That's why (among other reasons) the post-install script idea was invented.

It's poor form (IMO) to rely on a post-install script to handle
permissions cleanly. There's a lot of variables that could go wrong,
specifically setting permissions that are insecure or non-functional.
For example, let's suppose for a moment you compiled an apache package
with suexec and did so as a user. In order to know exactly what you
need to set your permissions to, you really need to run "make install"
to be sure you got things correct, and at that point, why are you
bothering to do it twice? In short, a lot of complication that can
break things, and a lot of wasted time and energy.

Like I said in another post. If you can't trust the source code you're
compiling to behave during the compile, why are you compiling it in the
first place?

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9aCylKR45I6cfKARAstCAJ48REZS0PsFNGAscU/3/bgca9AlUQCeLGBJ
/p4aomB5S6a3nmmBOM+h8Ik=
=nfei
-----END PGP SIGNATURE-----