Hi,
thanks for the detailed writeup and the patch!
On 4/24/26 10:05 AM, Andreas Henriksson wrote:
A possibly even better solution (if suitable) would be to move the generation
of the default rules policy from install-time to build-time.
Thats not possible, because the rules are specific to the device
usbguard is installed on (and takes into account the USB devices that
are connected).
If the rules
where generated and installed at build-time then dpkg would both track
ownership of the files belonging to the usbguard package as well as mark it as
a conffile and apply dpkg conffile handling to it.
A third option would be to follow the suggested solution in #97840.
Thats an ITP ;)
