Fedora 22 update security

Christian Schaller cschalle at redhat.com
Wed May 13 13:47:09 UTC 2015


So I checked with Richard Hughes and the way the rules currently works is
that there is a difference between install and update. If you want to install
a new piece of software you need to be part of the wheel group, but any 
user can update already installed software as long as it is signed Fedora software.
(Well technically they are not even doing that since updates are done offline these
days).

Christian



----- Original Message -----
> From: "Matthew Miller" <mattdm at fedoraproject.org>
> To: "Discussions about development for the Fedora desktop" <desktop at lists.fedoraproject.org>
> Sent: Wednesday, May 13, 2015 9:07:28 AM
> Subject: Re: Fedora 22 update security
> 
> On Wed, May 13, 2015 at 07:49:34AM -0500, Michael Catanzaro wrote:
> > Actually, sorry, Matthew and I were wrong. We do allow unprivileged
> > users to run software updates (provided all of the updates are
> > cryptographically signed by Fedora). You can configure this behavior
> > manually by creating a file in /etc/polkit-1/rules.d with the following
> > contents (untested, should work):
> 
> Huh. Last time this came up in FESCo, I thought the decision was to
> keep the policy as it had been (passwordless updates for admin users
> only).
> 
> --
> Matthew Miller
> <mattdm at fedoraproject.org>
> Fedora Project Leader
> --
> desktop mailing list
> desktop at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/desktop


More information about the desktop mailing list