posted originally to tech-userlevel, but reposted here to see if anyone here has any thoughts on the issue...

----- Forwarded message from Andrew Brown <atatat@atatdot.net> -----

From: Andrew Brown <atatat@atatdot.net>
To: tech-userlevel@netbsd.org
Subject: usr/pkgsrc: gid (0, 9) permissions (0755, 0775)
Date: Tue, 25 Sep 2001 12:02:13 -0400

i started getting complaints from the nightly security script when i
added group write permissions to my /usr/pkgsrc directory and put it
in group wsrc.  i did this to match my /usr/src directory, which comes
out of the box like this.  the pkgsrc tarball contains files owned by
srcmastr:netbsd (and sometimes by hubert :), and contains mostly group
write permissions, but not always.  since srcmastr and netbsd don't
exist on my machine (and probably not on yours either), the tarball
for pkgsrc unpacks as root:wheel.

i looked in /etc/mtree/special, and /usr/pkgsrc is listed, but
/usr/src is not.  another thing to note is that neither of them is
created by the default install process (/usr/pkgsrc is marked
optional).  i guess more people are expected to use pkgsrc than use
/usr/src.

anyway, i think the group and mode stuff should be altered in
/etc/mtree/special to match something (i'd prefer if it matches me
with root:wsrc, mode 775, but you might not agree), or that
/usr/pkgsrc should just be removed from the special file (since this
is the only thing that my security script complains about, and i'd
like it to shut up, but not just for me...i happen to think the things
it's checking against are wrong).

----- End forwarded message -----

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."