We decided on hardcoded 0644 in the very beginning to be safe and only create files that could be changed by the owner (ACL’s did not exist at the time). Having this hardcoded prevented also frameworks from changing it to some surprising setting somewhere deep down. Till now this decision worked fine as ROOT left the file management to external file management tools that typically manage the permissions and ACL’s depending on specific policies.
Fons.