So I checked with Richard Hughes and the way the rules currently works is that there is a difference between install and update. If you want to install a new piece of software you need to be part of the wheel group, but any user can update already installed software as long as it is signed Fedora software. (Well technically they are not even doing that since updates are done offline these days). Christian ----- Original Message ----- > From: "Matthew Miller" <mattdm@xxxxxxxxxxxxxxxxx> > To: "Discussions about development for the Fedora desktop" <desktop@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Wednesday, May 13, 2015 9:07:28 AM > Subject: Re: Fedora 22 update security > > On Wed, May 13, 2015 at 07:49:34AM -0500, Michael Catanzaro wrote: > > Actually, sorry, Matthew and I were wrong. We do allow unprivileged > > users to run software updates (provided all of the updates are > > cryptographically signed by Fedora). You can configure this behavior > > manually by creating a file in /etc/polkit-1/rules.d with the following > > contents (untested, should work): > > Huh. Last time this came up in FESCo, I thought the decision was to > keep the policy as it had been (passwordless updates for admin users > only). > > -- > Matthew Miller > <mattdm@xxxxxxxxxxxxxxxxx> > Fedora Project Leader > -- > desktop mailing list > desktop@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/desktop -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
