can't upload data without root priviliges

In the meanwhile, I found out that this bug is due to permission issues when accessing USB.

This issue affects all applications accessing garmin GPS devices directly via usb (such as gpsbabel). Here is a description and a solution: http://www.gpsbabel.org/os/Linux_Hotplug.html
The relevant part is this:

    To allow the USB devices to be read and written by a non-privileged user, create a named /etc/udev/rules.d/51-garmin.rules with the following contents:
    SYSFS{idVendor}=="091e", SYSFS{idProduct}=="0003", MODE="666"

Would it be possible to create such a rule by default? Or does it have any security problems? At the current state, it's simple not possible to access Garmin GPS devices as an unprivileged user.

Since this is a general problem, I changed affected package from "qlandkarte" to "udev".

In general, we prefer not to grand such wide permissions for devices.

That means any system user can upload data to your GPS, when in reality, only the user at the same physical console as the USB port should be able to do so.

Yes, I generally understand that your presets are restrictive. But this also means that a user who wants to access her GPS device currently

a) needs an admin account, or
b) needs to create a udev rule (which in turn requires both the knowledge about this and an admin account).

I someone not familiar with the internals of these things simply wants to use a GPS unit at his computer, this will turn out impossible without quite some internet research and an admin account.

Is there any way to have security and user friendlyness?

Ideally we would combine all such devices into an ACL

The difficulty is that nobody seems to have a list

For now, the rule to set the device group/permissions should either be shipped with qlandkarte for a group or HAL for an ACL.