Initial draft of privilege escalation policy
hughsient at gmail.com
Wed Jan 20 16:51:24 UTC 2010
2010/1/20 Adam Williamson <awilliam at redhat.com>:
> * Add, remove, upgrade or downgrade any system-wide application or
> shared resource (packaged or otherwise)
Do you mean upgrade, or update? PackageKit, by default, allows
untrusted users to update packages, but not upgrade the distro from
one release to another.
If you require the admin password to update, then you're stopping
updates being installed in the background, which makes you _less_
secure, not more secure.
More information about the test