On Wed, 2015-05-13 at 12:22 -0400, Christian Schaller wrote: > Yeah, no problem with that. This issue with who can do updates, while > something > we should fix, isn't release blocking IMHO. This is at best a F23-timespan issue. Although I'm not opposed to prohibiting unprivileged users from applying updates, we have a technical problem in polkit: we don't want to force admin users to enter a password to apply updates, but horrible workarounds (which we use in gnome-control-center and maybe now ABRT) are required to allow admins but not standard users to bypass authentication. Also, the polkit maintainer (Miloslav) doesn't want to change this: he likes password prompts to protect against the chance somebody gains physical access to your computer while you're logged in. I think we need to fix polkit before we start adding more authentication prompts. We basically want a rule auth_if_nonadmin. For details, see https://lists.fedorahosted.org/pipermail/crash -catcher/2015-April/005597.html -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
