Currently, $DirLock is set to either the value of the
TEMP (or TMP) environment variable, or "/tmp".
For shared-hosting systems, this creates a couple of
nasty problems, one of which is that errant lock files
may block execution for every host on the system, and
the one who created the lock may not have sufficient
permissions to delete it! Also, if any two hosts run an
update at the same time, one will be unnecessarily blocked.
In general, the use of files in world-readable
locations if frowned upon. In this case, probably the
worst that could happen is that any user could block
updates for the entire system.
Would like to see a different directory used, and/or be
able to specify the lock file and dir in the config file.