Because the 'p11-kit extract' and 'p11-kit extract-trust' commands are often called in an automated fashion, we should be able to make their output directories chmod -w and thus somewhat read-only.
This could be an additional option to 'p11-kit extract' and packagers or system builders would use that option in their customized 'p11-kit extract-trust' scripts.
Pushed this commit:
Author: Stef Walter <firstname.lastname@example.org>
Date: Tue Mar 19 17:24:47 2013 +0100
extract: Make extracted output directories read-only
This is not a security feature or anything like that, but a hint
that the files are managed by the extract tool and should not be
on Aug 24, 2016 at 02:36:00.
(provided by the Example extension).