- for example https://github.com/Whonix/anon-gpg-tweaks/blob/3ebe733fa5198bc88de1af659d309f121d032205/debian/anon-gpg-tweaks.postinst#L23-L31 is non-ideal.
- hardcoded to user user, other created users won't profit from these
- using sudo -u in maintainer script
- won't work anymore in Qubes, once TemplateBasedVMs no longer inherits their TemplateVMs home (https://github.com/QubesOS/qubes-issues/issues/1335)
no longer have packages (maintainer scripts) directly write to /home use /etc/skel instead copy files from /etc/skel to /home/user at first boot
Related, separate ticket:
ship Tor Browser tarballs in Qubes TemplateVMs in /var/cache/tb-binary and extract in AppVMs at boot time to user's home folder (T417)