Comment 14 for bug 1800715

Mario Limonciello (superm1) wrote :

@seb128, regarding comment #7:
That is exactly why I raised that bug upstream. The way that makes sense to me is for popping up a GNotification when new devices are plugged in rather than automatically authorizing or automatically "trying" to authorize unless you know the device is "safe".

@alex-murray, regarding comment #11:
There are mitigations that will be included in a future kernel version (probably 4.21 right now) around turning on the IOMMU and turning off ATS for Thunderbolt devices in safer scenarios on newer machines. That's the right time to automatically authorize.

Anyway, I do agree that the surface area for attack is extremely low. Upstream is going to be implementing this policy change around the kernel 4.21 behavior in the future and I expect that we'll eventually SRU that version too at that time.

Regarding comment #12,
I think there is some other bug with the automatic authorization not working in some situations; I saw this on 18.10 too (see the confusion about whether I was testing 18.10 or 18.04 in https://gitlab.gnome.org/GNOME/gnome-shell/issues/709).

It doesn't make sense to block this SRU right now for that reason, especially since it's intertwined with the fwupd and gnome-software one. I think we should just all agree that there will be a future bolt release that we'll SRU at that time and this policy will improve in the future.
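The comment above turns on whether Thunderbolt devices get authorized automatically or only after the user is asked. The kernel exposes the state that decides this through sysfs, so an administrator can audit it directly. The script below is an added example written for this page, not code from bolt, gnome-shell or the bug reporter; it assumes the sysfs layout documented in the kernel's admin guide for Thunderbolt (`domainN/security` for the security level, and `N-M/authorized`, `vendor_name`, `device_name` per device). The sysfs root is a parameter so the same functions can run against a constructed fixture directory on a machine without Thunderbolt hardware.

```shell
#!/bin/sh
# Added example (not from the bug thread): audit Thunderbolt authorization
# state through the kernel's sysfs interface. Assumed layout (kernel admin
# guide, Documentation/admin-guide/thunderbolt.rst):
#   <root>/domainN/security   -> none | user | secure | dponly | usbonly
#   <root>/N-M/authorized     -> 0 (not authorized), 1 (authorized), 2 (key)
#   <root>/N-M/vendor_name, <root>/N-M/device_name
# N-0 is the host controller itself and is skipped.

# Print "<domain> <security level>" for each Thunderbolt domain.
tb_security_levels() {
    root=${1:-/sys/bus/thunderbolt/devices}
    for d in "$root"/domain*; do
        [ -f "$d/security" ] || continue
        printf '%s %s\n' "$(basename "$d")" "$(cat "$d/security")"
    done
}

# Print "<id> <authorized> <vendor> <device>" for every attached device.
tb_list_devices() {
    root=${1:-/sys/bus/thunderbolt/devices}
    for d in "$root"/*-*; do
        [ -f "$d/authorized" ] || continue
        case $(basename "$d") in *-0) continue ;; esac   # host controller
        printf '%s %s %s %s\n' "$(basename "$d")" "$(cat "$d/authorized")" \
            "$(cat "$d/vendor_name" 2>/dev/null || echo '?')" \
            "$(cat "$d/device_name" 2>/dev/null || echo '?')"
    done
}

# Count devices whose 'authorized' attribute is non-zero. On a host whose
# domain is at security level "user", a non-zero count with no prompt shown
# means some policy (udev rule, daemon) authorized them automatically.
tb_count_authorized() {
    tb_list_devices "$1" | awk '$2 != 0 { n++ } END { print n + 0 }'
}

# Build a constructed fixture (fake sysfs tree) so the checks run offline:
# one domain at level "user", the host controller, one authorized dock and
# one not-yet-authorized NIC. Values are made up for the example.
tb_make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/domain0" "$root/0-0" "$root/0-1" "$root/0-3"
    echo user > "$root/domain0/security"
    echo 1 > "$root/0-0/authorized"
    echo 1 > "$root/0-1/authorized"
    echo "Example Corp" > "$root/0-1/vendor_name"
    echo "Dock" > "$root/0-1/device_name"
    echo 0 > "$root/0-3/authorized"
    echo "Example Corp" > "$root/0-3/vendor_name"
    echo "NIC" > "$root/0-3/device_name"
    echo "$root"
}

# Usage on a real host (defaults to the live sysfs tree):
#   tb_security_levels; tb_list_devices; tb_count_authorized
```

Run against the live tree, `tb_security_levels` shows whether the firmware is enforcing user authorization at all (a level of `none` means every device is connected without a prompt, independent of bolt), and `tb_list_devices` shows which devices are currently authorized.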