Fedora 22 update security
Josh Boyer
jwboyer at fedoraproject.org
Wed May 13 13:53:23 UTC 2015
On Wed, May 13, 2015 at 9:47 AM, Christian Schaller <cschalle at redhat.com> wrote:
> So I checked with Richard Hughes and the way the rules currently works is
> that there is a difference between install and update. If you want to install
> a new piece of software you need to be part of the wheel group, but any
> user can update already installed software as long as it is signed Fedora software.
> (Well technically they are not even doing that since updates are done offline these
> days).
Right, but that is the problem. On a multi-user machine, allowing a
non-admin user to update e.g. firefox can result in some very strange
brokenness with currently running firefox instances. Also, updates
can bring incompatibilities with them and should be done by an admin.
I realize the rationale above is _mostly_ covering for inadequacies in
application software but that is reality today. However, even
ignoring those issues, updates to core packages shouldn't be done by a
non-admin user.
josh
More information about the desktop
mailing list