The code is solid (like pdksh is), albeit tersely commented; yet going through it has taught me more than a trick in shell scripting.
Thoroughly recommended as an example of concise -- and secure -- implementation of a simple but powerful idea.
Bear in mind that integrating it into a distribution's package system requires support for script execution before and after actual package installation (%pre/%post in RPM speak).