[semi-extrinsic]

I sincerely hope all modern package managers, when invoked with sudo, immediately spawn a very-low-privilege process that does most of the work sandboxed to /tmp/whatnot, and the root process just copies files to the right place and runs some system calls to update databases etc.

[bennofs]

Most package managers I know support Turing complete install hooks. How would a package manager detect what parts of those require/are safe to run with root?