Jesse Keating wrote:
On Thu, 2009-11-19 at 06:50 +0000, Keith G. Robertson-Turner wrote:
> The desktop users on my network might have difficulty doing any of those
> things, since their "desktop" access is via VNC tunnelled through ssh.
>
> However, now it seems they can arbitrarily install software into /usr,
> on a server that is (for some of them) in a foreign country, because of
> something called PackageKit.
>
That is incorrect, unless somehow your ssh tunneled VNC registers as
"local console login", which I doubt. In your case, none of your users
would be allowed to install software/updates.
There is a logical flaw in this argument. Last month you would have told
me the PackageKit is totally safe; you need to know the admin password
to install anything. Seems that that is no longer true. Where is my
guarantee that the current restrictions won't be loosened.