in app-portage/gentoolkit-0.2.1 glsa-check has the folowing permissions:
-rwxr-xr-x 1 root root 8,9K 25. Jan 03:43 /usr/bin/glsa-check
This is a Bad Thing because any unprivileged user can get information very fast about exploitable security holes on the system.
glsa-check should have permissions set to something like this:
-rwxr-x--- 1 root portage 8,9K 25. Jan 03:43 /usr/bin/glsa-check
Removing the executable bit from glsa-check in no way prevents normal users from
obtaining the same information. User can still copy his/her own copy of
glsa-check to the box or simply look at the vdb. glsa-check is also intended
to be run from non root cronjob scripts.
As the user you have the option to remove the executable bits on your own
/var/db/pkg/* but that is not a change we will make to portage or glsa-check.
Sorry closing as WONTFIX. Have a good day.