Rootless Builds

This is the landing page for the warning in dpkg-deb and the dpkg-dev NEWS entry, and for other sources that might need to guide packagers on how to perform rootless builds.

After several years of work, dpkg-buildpackage has switched from using fakeroot by default to doing rootless builds by default. If this causes your builds to fail or generate unexpected artifacts, you may need to change your build process or temporarily revert to the old behaviour.

Newer versions of dpkg and debhelper support building packages without root privileges (real or via fakeroot etc.). Defaulting to these "rootless" builds reduces the risk of accidental damage to the system from build scripts (the source needs to be trusted anyway, as the binaries will be installed as root), and the need to maintain LD_PRELOAD hacks that are fragile, slow, and have to be updated each time an interface changes.

If your package fails to build rootlessly, it's probably giving up when it can't perform a privileged operation like chown root:adm filename (either in the packaging or in the upstream build system).

If your build generates unexpected artifacts when building rootlessly, it may be ignoring error codes from privileged operations, or the packaging process might incorrectly assume it will be called twice - first with a build target, then with a binary target. If your third-party package is built directly with dpkg-deb, it should now get a warning and a hint to use --root-owner-group, which should work as long as the package only needs root:root ownership of files.

If you can't support rootless builds right now (e.g. because you need to make a file owned by a specific non-root:root user), add Rules-Requires-Root: binary-targets to the source stanza in debian/control. Alternatively, pass --rules-requires-root to dpkg-buildpackage.
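
A pre-flight check for the two failure modes above, as an added example (not code from dpkg or debhelper): it reads Rules-Requires-Root from the source stanza of debian/control and flags ownership changes in debian/rules, separating those that would stop a rootless build from those whose error is discarded. The function names and the sample tree are constructed for illustration; it assumes only debian/rules is scanned (not the upstream build system) and treats any value other than binary-targets as a rootless build.

```shell
# Added example (not dpkg's own code): pre-flight check for a rootless build.

# Print Rules-Requires-Root from the source stanza (first paragraph) of a
# debian/control file, or "unset" when the field is absent there.
rrr_value() {
    awk '
        /^#/ { next }
        /^[ \t]*$/ { if (seen) exit; next }    # blank line ends the stanza
        { seen = 1 }
        tolower($0) ~ /^rules-requires-root:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# List ownership-changing commands in a makefile such as debian/rules.
# "fatal": the failure stops a rootless build. "masked": a make "-" prefix or
# "|| true" discards it, so the build goes on and can ship wrong ownership.
priv_ops() {
    awk '
        /^[ \t]*#/ { next }
        /(^|[^A-Za-z0-9_])(chown|chgrp)[ \t]/ ||
        /(^|[^A-Za-z0-9_])install[ \t](.*[ \t])?-[og][ \t]/ {
            kind = "fatal"
            if ($0 ~ /^\t[@+]*-/ || $0 ~ /\|\|[ \t]*true[ \t]*$/) kind = "masked"
            printf "%s:%d: %s: %s\n", FILENAME, FNR, kind, $0
        }
    ' "$1"
}

# Exit 1 when the tree changes ownership without declaring binary-targets.
check_tree() {
    rrr=$(rrr_value "$1/debian/control")
    ops=$(priv_ops "$1/debian/rules")
    printf 'Rules-Requires-Root: %s\n' "$rrr"
    if [ -n "$ops" ]; then printf '%s\n' "$ops"; fi
    [ "$rrr" = "binary-targets" ] || [ -z "$ops" ]
}

# Constructed sample tree; $2 is an optional extra source-stanza field.
make_sample() {
    mkdir -p "$1/debian"
    printf 'Source: demo\n%s\n\nPackage: demo\n' "$2" > "$1/debian/control"
    printf 'binary:\n\tchown root:adm log\n\t-chgrp adm conf\n' > "$1/debian/rules"
}

tmp=$(mktemp -d); make_sample "$tmp" ""
check_tree "$tmp" || echo "not ready for a rootless build"; rm -rf "$tmp"
```

On the sample tree the chown line is reported as fatal and the "-chgrp" line as masked; the masked kind is the one that produces unexpected artifacts rather than a build failure.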
