Ctrl+F "poisontap" in https://mail.gnome.org/archives/networkmanager-list/2016-November/thread.html
Instead of prompting the user every time something is plugged in, I presume the smart approach would be to block DHCP at the udev level while the gnome-shell screen is locked.
Once a solution is found in PureOS, it should be advertised as a feature, and upstreamed (if possible/accepted) to GNOME.
I believe a solution exists: apt install usbguard-applet-qt
Please test and report back if that indeed solves this issue.
If it does, we can consider options of a) installing that package by default, and b) feasability of hiring developers to code a GTK+ applet (or locating if one has been written already and simply needs packaging).
I have set severity to normal. Please shout if considered more important than that.
It will pull in Qt though, and GNOME doesn't support applets/system tray icons natively anymore.
So, can we add it? Yes, of course, but it will look very alien, and we will have to modify our GNOME Shell session to display status icons.
what about only CLI option of it or should we get someone to build a gtk version of it?
Using the Qt-version on PureOS and the status icons aren't really needed. The popup for allowing a device looks a little bit out of place, but it works flawlessly.