unity-design team mailing list archive
-
unity-design team
-
Mailing list archive
-
Message #00919
Re: Possible security risk with update-manager
First, don't get me wrong -- I do not think allowing updates without
checking the administrator password is a good idea; I just wanted to make
sure we were all on the same page about it.
Second, the difference is that automated updates would happen no matter
what, whereas all an administrator would have to do to prevent other users
from installing updates would be to not allow them to access the computer
under an administrator account. If an administrator gave another user access
to her admin account, then under that scheme, she would be granting that
user authorization to install updates.
-S
On Tue, Dec 15, 2009 at 8:53 AM, Scott Kitterman <ubuntu@xxxxxxxxxxxxx>wrote:
> On Tue, 15 Dec 2009 07:31:37 -0500 "Scott E. Armitage"
> <launchpad@xxxxxxxxxxxxxxxxxxx> wrote:
> >I don't think that mac_v is proposing /automated/ updates, so much as he
> is
> >proposing that the current update scheme should not require the
> >administrator's password. The administrator would still be notified of new
> >updates as they are now, and they would have to decide when to download
> and
> >install the updates, however they would no longer have to confirm their
> >administrator status prior to update installation.
>
> How do you confirm adminstrative authorization then? Whether installed by
> non-admins or automatically is just a variant of not under the
> adminstrator's control.
>
> Scott K
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ayatana
> Post to : ayatana@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ayatana
> More help : https://help.launchpad.net/ListHelp
>
--
Scott Armitage, B.A.Sc., M.A.Sc. candidate
Space Flight Laboratory
University of Toronto Institute for Aerospace Studies
4925 Dufferin Street, Toronto, Ontario, Canada, M3H 5T6
References