Comment 2 for bug 1845263

Thanks Simon for the report, yes I've seen similar bugs for a few other packages already.
In many cases the security Team already has a plan or opinion about it.
Therefore I'm assigning the security team to first give us their guidance if:
- it should not be enabled, because ?
- it will be enabled by them later
- it should be enabled, but someone else has to try doing it