Comment 17 for bug 1899193

Julian Andres Klode (juliank) wrote :

I still wonder if we also should try to fix aptdaemon to explicitly close the files it opens, as we can't rely on Python doing that automatically due to the reference cycles in DebFile, and if that needs a CVE as well - I have no idea if it's practically exploitable.

You need to give it a deb that's valid enough to open, aka has data.tar.xz and control.tar.xz and debian-binary members but then is being rejected by aptdaemon itself after the object is created (e.g. control.tar.xz contains nonsense).

Arguably if we fix the PolicyKit interaction, that's enough to go on the aptdaemon side.
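
The descriptor leak described in the comment above, as an added example that is not part of the original comment and is not aptdaemon or python-apt code: `CyclicArchive`, `load` and `demo` are hypothetical names, and the sample file is constructed. It shows an object caught in a reference cycle keeping its file descriptor open after a rejection until a collector pass runs, unless the rejection path closes the file explicitly.

```python
import contextlib
import gc
import os
import tempfile


class CyclicArchive:
    """Hypothetical stand-in for an archive object; not python-apt's DebFile."""
    def __init__(self, path):
        self.fh = open(path, "rb")
        self.members = {"owner": self}  # reference cycle: self -> dict -> self

    def validate(self):
        if not self.fh.read().startswith(b"Package:"):
            raise ValueError("control data is nonsense")


def fd_is_open(fd):
    try:
        return bool(os.fstat(fd))
    except OSError:
        return False


def load(path, fds, close_on_error):
    archive = CyclicArchive(path)
    fds.append(archive.fh.fileno())
    try:
        archive.validate()  # rejection happens after the file is already open
    except Exception:
        if close_on_error:
            archive.fh.close()  # explicit release on the rejection path
        raise
    return archive


def demo():
    fds = []
    gc.disable()  # keep the cycle collector from running mid-measurement
    try:
        with tempfile.NamedTemporaryFile() as tmp:
            tmp.write(b"\x00constructed nonsense")  # constructed sample input
            tmp.flush()
            for close_on_error in (False, True):
                with contextlib.suppress(ValueError):
                    load(tmp.name, fds, close_on_error)
            before = [fd_is_open(fd) for fd in fds]
            gc.collect()  # only a collector pass frees the cycle and its file
            return before, fd_is_open(fds[0])
    finally:
        gc.enable()
```

`demo()` returns the open/closed state of both descriptors before collection, then the state of the leaked one after `gc.collect()`.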