Hi Bill, On 03/19/2014 07:27 PM, Bill Coderre wrote: In these days of security risks, let me point out that Installer provides an environment variable called INSTALLER_TEMP which points to a secure folder that is created by Installer at the very start of installation, and deleted at the very end. Please use it instead of /tmp whenever possible! Why? Let’s suppose that I am a 14 year old who knows that my school is going to install a certain package, and that package writes to /tmp/cookie. So I create a symbolic link from that to, say, a web filtering program. Now when the install happens, the web filter gets deleted. YAY. Matthias _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com Thanks a lot for pointing this out! I was already wondering how I could create such a folder and pass the info about it to the various parts of the package. Are there already any files or directories inside INSTALLER_TEMP used by the installer itself, so that my scripts should avoid touching them? The "Software Delivery Legacy Guide" is not very detailed in that respect. And that is probably one of the less dangerous abuses (except for the legal department).