Hey, I don't like the adoption queue idea.
I wonder if it'd be a good idea to simply flag all addition of/changes to .install files (maybe by new accounts)? One possible concern with this approach is it might make malicious actors disguise their efforts a bit more, say adding malicious commands to the shell script shipped to /usr/bin instead of running the command immediately as a .install hook.
-- Cheers, Aᴀʀᴏɴ
OpenPGP_0xCBC3973CD9FC6A16.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
