I think I should perhaps put on a flak jacket before suggesting this.
Perhaps it'd be a good idea to list the directories which we intend
to support on a read-only root, and have packages migrate file
permissions for files installed in these directories to read-only.
Noncompliant packages would then be easy to detect, and compliant
packages which had problems should fail during testing. If this
raised file-location issues, they could then be dealt with my
debian-devel discussion before the packages were uploaded to be
placed in the distribution.
email@example.com (Bill Mitchell)