On Wed, 08 Feb 2012, Michael Scherer wrote: > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a > écrit : > > On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from > > Claire > > Robinson who wrote: > > > > I ended up installing Mageia 1 on his box, but I wonder why does the > > > > distribution allow the user to potentially hose his system, when it > > > > requires the root password to install a prog ? > > > > Would it not make more sense to ask for the root password for the > > > > updates? > > > > > It is configurable in MCC. You can find it under Security => Configure > > > authentication for Mageia Tools. > > > Just select root for Update. > > > > Brilliant, thanks. > > > > But would it not make more sense to have the default changed to root ? > > That totally miss the point, which is that a upgrade hosed the system. > Would requiring the root password have changed that ? I doubt. > > However, if the user cannot do upgrade without asking to someone else > ( because that's the whole point of having 2 different passwords, else, > that's just a nuisance that will confuse most people ), then he will > likely miss security and bugfixes updates, and that's problematic.
It's not clear if we are talking about installing updates only, or upgrading to a new version of the distribution. Installing updates is supposed to be safe and can be allowed by default with user password. But upgrading to a new distribution is more dangerous and should probably only be allowed with root password.
