On Wed, 2017-04-05 at 17:32 -0600, Chris Murphy wrote:
On Wed, Apr 5, 2017 at 3:14 PM, Adam Williamson
<adamwill(a)fedoraproject.org> wrote:
> On Sun, 2017-04-02 at 09:44 -0500, Michael Catanzaro wrote:
> > Also: being able to install without authentication but not delete
> > matches our behavior for system packages. I think it's silly to allow
> > users to install stuff but not to remove it, but that's our status quo.
>
> I thought the intent was that you should need admin privileges to do
> either. The only thing regular users are supposed to be allowed to do
> without admin privileges is *update* the system, though since that now
> requires a system reboot, I'm not sure even that should be allowed
> without auth any more.
Ick.
I want to see the OS and apps updated on a regular basis, by default,
no user intervention. Just do it. I've tacitly given permission for
this by installing Fedora already. It should be one of its
responsibilities. Like cleaning up /var/tmp.
Well, it's about rebooting the system, not installing the updates.
Having said that, if we already allow non-admins to reboot the system
without authenticating as an admin, then allowing them to trigger a
reboot to install updates isn't any worse.
Especially flatpak applications - just update them. They can be
rolled
back if they break something.
As for where to install, whether admin user or non-admin, I think the
app needs to go outside of /home. Find another way to additionally
embargo "user" apps behind the scenes, but storing them on /home I
think is consuming the wrong resource.
Android phone, I can install an application and not be asked to
authenticate anything beyond the lock screen.
But Android phones generally aren't multi-user devices. I'm only
talking about *non-admin* users, here. On a single-user system, the
single user is likely going to be an admin.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net