Subject: setuid-root binaries and unprivileged builds
To: NetBSD Packages Technical Discussion List <tech-pkg@netbsd.org>
From: Johnny C. Lam <jlam@pkgsrc.org>
List: tech-pkg
Date: 06/15/2007 15:08:53
After Roland's rousing talk at pkgsrcCon/Barcelona, I'm playing with 
unprivileged builds on my pkgsrc system.  I've just installed my first 
package that has a setuid-root binary, but of course, that doesn't get 
installed correctly at the moment.  I'm wondering what the correct 
action should be?

I was thinking of modifying the +PERMS script to handle this situation. 
  The install scripts would grow another shell-settable variable 
PKG_ALLOW_SETGUID which defaults to "yes".  If PKG_ALLOW_SETGUID is 
"yes", then just go ahead and set the mode on set[gu]id programs.  If 
it's "no", then set the mode to 0000 and warn the admin to set the right 
user, group and mode.

Then for unprivileged builds, we default PKG_ALLOW_SETGUID to "no".

Thoughts?

	Cheers,

	-- Johnny Lam <jlam@pkgsrc.org>
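
The behaviour proposed in the message above, sketched as an added example; it is not the pkgsrc +PERMS script and not code from the post. PKG_ALLOW_SETGUID is the variable named in the message; the function names, argument order and warning text are assumptions made for this sketch.

```sh
#!/bin/sh
# Hypothetical sketch of the proposed PKG_ALLOW_SETGUID handling.
# Not the real +PERMS script; helper names are invented for illustration.

# Default from the message: "yes" unless the admin or the build says otherwise.
: "${PKG_ALLOW_SETGUID:=yes}"

# has_setguid MODE -> succeeds if the octal MODE carries setuid (4000)
# or setgid (2000); fails for anything that is not an octal mode.
has_setguid() {
    case "$1" in
        ""|*[!0-7]*) return 2 ;;
    esac
    # The leading 0 forces octal interpretation in shell arithmetic.
    [ $(( 0$1 & 06000 )) -ne 0 ]
}

# effective_mode MODE -> prints the mode that will actually be applied.
effective_mode() {
    if has_setguid "$1" && [ "$PKG_ALLOW_SETGUID" != "yes" ]; then
        echo 0000
    else
        echo "$1"
    fi
}

# apply_perms FILE MODE [OWNER [GROUP]]
apply_perms() {
    file=$1; mode=$2; owner=${3:-}; group=${4:-}
    new=$(effective_mode "$mode")
    if [ "$new" = "$mode" ]; then
        # Ownership first: chown clears set[ug]id bits on most systems,
        # so the mode has to be set last.
        [ -z "$owner" ] || chown "$owner" "$file" || return 1
        [ -z "$group" ] || chgrp "$group" "$file" || return 1
    else
        # Unprivileged case: leave the file unusable and tell the admin.
        echo "WARNING: $file installed with mode 0000." >&2
        echo "  Set it by hand: mode $mode${owner:+, owner $owner}${group:+, group $group}." >&2
    fi
    chmod "$new" "$file"
}
```

With PKG_ALLOW_SETGUID=no the owner and group arguments are only reported in the warning, never applied, so the call succeeds without privileges.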