On Sat, May 07, 2011 at 05:22:04AM -0700, Leslie S Satenstein wrote: > The automatic update is a great tool. However, on a regular user account, it > can be clicked to run, and when it does, it asks if new dependency files should > be included in the update. I think that allowing dependency files may be a > potential security breach. It's not considered a bug. A bug was filed and apparently it can be changed by doing something with polkit, though I don't remember what. The suggestion, IIRC, was that if this was a security in your situation, use RH or CentOS (or ScientificLinux), or find what had to be done with polkit. Originally, any signed package could be installed through packagekit, but after that made the front page of slashdot, it was changed to any already installed, signed package. If you search bugzilla for packagekit authorization or something like that, you might be able to find it. It was from right around when RHEL6 beta first came out. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Buffy: I'm sorry, it's just been a really weird day. Xander: Yeah, Buffy died and everything. Willow: Wow, harsh. -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
