Closed mixmastamyk closed 10 months ago
Non-admin users shouldn't be able to update the system. It's still an update and updates can break things. Entering their password isn't undue work for admins.
That aptdcon command doesn't just install security updates - If you were going to do this you may as well enable automatic updates (Edit->Preferences->Automation).
I tend to disagree. Bear with me for a moment. Take for example a kid on a laptop.
Updates are not that a big deal:
Online security:
Also, traditional ideas about the division between admins and users (and focus on stability above all else) are now kinda old-fashioned when every user has multiple cheap computers, and live/restore disks are ubiquitous.
So arguably, I think the risk from delayed online security updates is an order of magnitude higher than a bad update risk.
There really should be some option or group I could put the user into, but it doesn't seem to be a thing. This GUI could alleviate that and provide the option of using aptdcon. The fact that it exists shows someone at Debian thought the idea worthwhile.
Cheers,
Wow, aptdcon can do APT operations without sudo? Is that because a daemon always runs in the background as root and the application can use it? Can a use disable that manually? EDIT: Found out, /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.packagekit.pkla
Ah, but you need to enter a password of an admin if you aren't an admin, okay ;)
The update mechanism requires sudo likely because apt requires it.
However that means everyday users need to have a sudo privileges just to get security updates. That shouldn't be the case. Everyone should have access to the latest security patches without undue work.
I recently found out about this daemon/command at askubuntu to run updates without sudo:
https://askubuntu.com/a/391992/116108
Would be great if the mint updater supported it.