unity-design team mailing list archive

["Fabian A. Scherschel" <fabsh@xxxxxxxxxx>]

On Tue, Dec 15, 2009 at 10:44 AM, mac_v <drkvi-a@xxxxxxxxx> wrote:

> On Tue, 2009-12-15 at 09:15 +0000, Alan Pope wrote:
> > 2009/12/15 mac_v <drkvi-a@xxxxxxxxx>:
> > > Why ask the admin password?
> > > - Update manager is designed to be shown only for admin accounts and
> > > doesnt show up for non-admins.
> >
> If someone other than the user is having access to a user account ,
> there are bigger concerns than the guest updating the system.
>
> The guest[in this case the child] could delete important work files and
> do more damage.
> Why is updating harmful? Aernt the Stable release updates supposed to be
> pain-free?
>

Hi, all!

Wow, this is similar to the recent Fedora issue about installing packages
without a password. I realise it all sounds logical theoretically when you
put it like that but in the real world I can think of a lot of reasons where
I would like to have something like the update of my system be locked down a
bit. Think schools, leaving your computer unlocked for a second ie. I
realise there are a lot of arguments like "well, you shouldn't do that
anyway" but in the real world it doesn't work like that.

Saying nothing in the trusted repos should break stuff in an update is all
well and good, but I think we all know the world isn't perfect. Personally,
I'd like to keep this control myself and not relinquish it to Ubuntu in
general for a reason such as "oh, that password box bothers me".

Security is all about shades of gray and discussions like this really worry
me. At least implement a policy kit settings wizard or something for stuff
like this that lets the user easily make this choice before just ripping out
another protective barrier, as insignificant and inconvenient as it might
seem.

Just my five cents, feel free to prove me wrong. :)


Fab

Sixgun Productions
http://sixgun.org