Comment # 2 on bug 1208004 from Johannes Segitz

In a packaged script you can add more defensive logic easily without having to
bloat the rather large %post section further. One idea would be to add a flag
that indicates that the script already ran and not go through the logic again.
If the circumstances ever change (e.g. the ntp keys are moved into a directory
owned by an unprivileged user) that would limit the impact of the root
escalation to fresh installations, not to every ntp package update.

It's just a suggestion at this point. The current logic is safe, I'm just
worried that this might change over time.