Ok, maybe this is by design, but if a directory already exist in /, and a package merge it again with different ownership, portage do not honour the new ownership. Problem I see with this, is that stuff like tetex, and mailbase have made changes to owership as fixes (i fixed tetex the other day again), but the user will not get these changes. Also doing the changes in pkg_*(), will cause the mtimes to be altered, which is not exactly what I would like in the first place as well.
This is by design, so that packages don't mess up the perms on /usr, or erase the perms that *you* set on common dirs. I welcome any suggestions that work better.
Yes, its an sticky issue. Just that if I borked the permissions with an ebuild, it do not get fixed by a new revision ... execept of course if I do it in pkg_postinst() ....
summation: if you break permissions fix them in a pkg_postinst forcing new permissions on user == not cool