On Thu, May 14, 2015 at 12:21 AM, Richard Hughes <hughsient@xxxxxxxxx> wrote: > On 14 May 2015 at 01:57, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote: >> It never even occurred to me that we might make this change downstream, >> since we make changes upstream whenever we can. PackageKit is >> maintained by a Fedora developer (Richard Hughes) so it's natural that >> the default settings are what Fedora wants them to be. > > I'm certainly hope I'm a friendly upstream, and it's true that I want > to ship sane policy by default. It doesn't mean upstream *has* to bend > and flex to every diktat from FESCo. If someone can explain to me in > an upstream bug why changing the policy would be more secure for users > then I'll happily change it for the next release. I'm not horribly > keen on the "lock down by default" arguments, as PackageKit upstream > is at targeting these users > http://www.freedesktop.org/software/PackageKit/pk-profiles.html Suzan should be a standard user, not admin, her brother is admin and does OS updates, she shouldn't be able to initiate them. She can install apps from approved sources and update them. Brevan is admin of his own computer and can do whatever he wants. Graham should not be using Fedora. But if he is, he's a standard user. He can install software from approved sources, and those applications can be updated. OS updates are off limits, his son will have to do that for him. And I'm saying this as an OS X user, with parents with OS X systems. They can install app store and signed applications. I *think* they can do drag and drop application installs for their user only, I haven't tested that in a while. But they definitely can't do system updates. I do that. And OS X system updates are 1-2 orders magnitude more stable and sane than Windows updates, in my estimation. There is absolutely zero possibility I'd subject Suzan, Graham, or my parents to automatic OS updates, be it Windows, OS X or Fedora. -- Chris Murphy -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
