Comment 5 for bug 1800715

Mario Limonciello (superm1) wrote :

My personal opinion aligns with YC actually.

It's specifically in the handling of a Thunderbolt device, not just any USB device. If a Thunderbolt device is automatically authenticated, it does improve the usability at the expense of security.

A nefarious Thunderbolt device can trivially perform a DMA attack if automatically authorized in a situation where DMA mitigation such as IOMMU (VT-d) is not used.

Until there is a guarantee of DMA mitigation presence (which is going to be coming in 4.21 and a newer version of bolt) it's much safer to adjust to prompt for authorization or open a notification to do such.

I feel if this change is included Canonical's security team should review as well.