security-misc postinst uses
glib-compile-schemas /usr/share/glib-2.0/schemas || true
What I mean to say with that: since we ought to to avoid shipping binary files [1] in source code - it looks like it is a clean way to use postinst to generate such binary files.
Perhaps works for new user only?
I mean debugging/testing this could be equally difficult as compared to https://marc.info/?l=kde&m=141130406809446&w=2 - i.e. new session/new files/new user required?
because:
[1] hard to deterministically reproduce
[2] looks fishy if not deterministically reproducible
[3] extra complexity for searching backdoors
[4] probably more reasons…