Is it alright for any normal user to update the kernel. In my experience I have seen quite a lot of difference between kernel versions. When a standard user updates already installed signed by Fedora software, it could lead to some issues which system admin might not be able to fix. For example, the downgrade option is available for one version below the currently installed version. This is not recursive, I mean, I cannot go from version 3 to version 1. I will be stuck with version 2. As a system admin it is not ideal in a real world. Differences between kernels and even versions of software, I have seen and experiencing issues. This is evolution email client, which I am currently editing to report to the forum. The other key thing is the update of the NVIDIA graphics driver. I still have not managed to install NVIDIA graphics driver on my Fedora 22 even with the latest kernel. Nethaji On Wed, 2015-05-13 at 09:47 -0400, Christian Schaller wrote: > So I checked with Richard Hughes and the way the rules currently works is > that there is a difference between install and update. If you want to install > a new piece of software you need to be part of the wheel group, but any > user can update already installed software as long as it is signed Fedora software. > (Well technically they are not even doing that since updates are done offline these > days). > > Christian > > > > ----- Original Message ----- > > From: "Matthew Miller" <mattdm@xxxxxxxxxxxxxxxxx> > > To: "Discussions about development for the Fedora desktop" <desktop@xxxxxxxxxxxxxxxxxxxxxxx> > > Sent: Wednesday, May 13, 2015 9:07:28 AM > > Subject: Re: Fedora 22 update security > > > > On Wed, May 13, 2015 at 07:49:34AM -0500, Michael Catanzaro wrote: > > > Actually, sorry, Matthew and I were wrong. We do allow unprivileged > > > users to run software updates (provided all of the updates are > > > cryptographically signed by Fedora). You can configure this behavior > > > manually by creating a file in /etc/polkit-1/rules.d with the following > > > contents (untested, should work): > > > > Huh. Last time this came up in FESCo, I thought the decision was to > > keep the policy as it had been (passwordless updates for admin users > > only). > > > > -- > > Matthew Miller > > <mattdm@xxxxxxxxxxxxxxxxx> > > Fedora Project Leader > > -- > > desktop mailing list > > desktop@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/desktop -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
