> The DESTDIR thing is also a security risk: if someone manages to change
or set it without your knowledge you'll be installing in unexpected
places. Personally I don't call that "best practise".
security risk? Unexpected place? A user can write only where he is allowed to,
this has nothing to do wether you allow to define a DESTDIR or not. And if you
don't want to call this as best practice... Well call it common practice, since
most of the OSS have a $destdir in their makefiles ;)