All files in binary rpm will be owned by non-root if package builds as non-root. I mark this sort of things as security for now on. Can anybody audit all packages to be buildable as non-root and thus preventing that ugly bug(s)?! I already posted tons of bugreports about similar problems (missing `%defattr(-,root,root)', stupid `install -u0 -g0', modification of system files when building etc etc...)
i have fixed this problem. Thanks for yout report