dotpups are a flexible installer, not a package management tool
yes, this is exactly correct
a dotpup file is intended to work much like a Windows install-me.exe file would work, for example, as built by
NSIS (Nullsoft Scriptable Install System)
NSIS packages can add/remove entries in the menu and quick-launch bar, create an uninstaller, etc etc ... but as far as i know, it does not do this by itself ... it does it by interfacing with the Windows package management tools, which actually do the work
a dotpup package is intended to work much like an installer file built with NSIS ... for example, eMule, 7-zip, Miranda, Abiword, Bittorrent Mainline, Azureus, OpenOffice, DOSBox, Picasa, Kaspersky, etc etc etc ... see
http://nsis.sourceforge.net/Users
how each packager chooses to implement their packages (what files they put in the package and what they put in the NSIS installer script) is totally up to them
i think the dotpup system does exactly what it was intended to do
The word "dangerous" has been applied to dotpups
yes, by me
the reason a dotpup is potentially dangerous, is that it automatically runs an executable called dotpup.sh, which is usually a script ... of course, clicking any executable file will be equally potentially dangerous
pupget packages are equally potentially dangerous, for the same reason ... installing a pupget package will run a script called pinstall.sh, if it's in the package
do these packages check dependencies against a current list or are apps self containd
no, they are not intended to check for dependencies
a dotpup package is intended to be self-contained and to "just work" ... if a package requires dependencies that are not included with the standard Puppy distro, the packager should either include whatever is necesssary for the package to run, or the documentation with the download link should tell the user what is necessary to be installed for the package to run
an installer, even one as simple as the dotpup installer, can of course, make use of any package management tools that might be provided for it (by the Puppy system or by third party support) ... including dependency resolving tools ... there are distros that do not seem to find automatic dependency resolving tools necessary, for example, distros that are
based on Slackware