As a matter of policy Debian tends to install things like binaries as world readable. In general I don't think we should be copying sensitive information to the initramfs without careful consideration. The rationale is that on systems with full disk encryption the initramfs probably isn't encrypted and thus is at a lower level of security than the root filesystem.
I personally think sticking your full disk encryption keys onto the initramfs doesn't have a lot of value. But sure, OK, there are some cases where you want that. And in those cases I think that as part of doing the careful consideration to decide to put sensitive material onto the initramfs you should set the permissions. So, yes setting this in the package in question seems reasonable. However, there's kind of a bigger problem. What if the initramfs is being stored on a uefi partition or similar where you cannot actually set permissions? --Sam
