Required password for Update Manager

[palo]

Testing Qiana and find after starting Update Manager that a password is required to change software sources and run updates but it is not required when holding and unholding packages. It seems inconsistent security to allow an unprivileged user to do this. Would be better to have the same required authentication for this function as the other functions. An unprivileged user can also change things in preferences that could affect system stability, so requiring a password to start the opening of Update Manger would be even better.

[Monsta]

I don't see anything to worry about.
Holding packages means writing them to the blacklist for the current user (~/.config/linuxmint/mintupdate.ignored). This blacklist is read and written only by mintUpdate.

In other words, it's not system-wide and it's totally ignored by apt-get/aptitude/Synaptic/whatever else except mintUpdate.

Still want a password for that?

[palo]

I don't see anything to worry about.
Holding packages means writing them to the blacklist for the current user (~/.config/linuxmint/mintupdate.ignored). This blacklist is read and written only by mintUpdate.

In other words, it's not system-wide and it's totally ignored by apt-get/aptitude/Synaptic/whatever else except mintUpdate.

Still want a password for that?

You are right - there is nothing to worry about but there are some people that use MintUpdate and let others use the computer. Consider this scenario:
Monsta lets Monsta jr use the computer. Monsta jr is a fearless explorer and clicker - he clicks on the icon in the panel and it opens. Exploring the preferences options finds the Levels tab and puts a check for "Always select and trust security updates", closes and done. Now the next day Monsta runs update manager without much attention to details because it is just routine but later finds the kernel has been updated (for example) but it shouldn't have according the the preferences Monsta set.

Okay it is a silly example but the point is that Mint 13 required a password to start the Update Manager whereas Mint 17 does not require the password to start the Update Manager and is that the best decision? If nobody else thinks it should be changed back then it is a worthless suggestion. That is what it is.

[Windowbreaker]

What about those of us who live in a secure dwelling and are the only hands that ever touch their computers? If Update Manager would automatically place the cursor in the password box, maybe I wouldn't be such a grouch about it, but my Mint PC is on my left side and my left-handed mousing is less than accurate. I'd prefer to not need a password for updating. Let me select the updates and click install. But it's more secure the other way, even for single-user scenarios...

[Monsta]

Consider this scenario

This is a general problem of letting someone use your account instead of creating a separate one for that person. It's not just mintUpdate issue - the "fearless clickers" might do wrong things to any other application.

Mint 13 required a password to start the Update Manager whereas Mint 17 does not require the password to start the Update Manager

And now you can refresh the list of updates, view them, select/deselect them, change any preferences and do other stuff without having to type your password. Only if you decide to actually install/upgrade something you'll have to enter it.
It's so convenient that I'm already irritated at the way mintupdate-debian works in LMDE (it still works the old way, requiring a password first).

[palo]

I get that many would like a system where you don't need to type passwords period (I'm not one of them).

And now you can refresh the list of updates, view them, select/deselect them, change any preferences and do other stuff without having to type your password. Only if you decide to actually install/upgrade something you'll have to enter it.

Well you still have to type a password - it is just a matter of when

Edit: If you want to make a change to repository sources and do updates you can have the pleasure of entering your password twice.

[PatH57]

freedom of linux, you decide "when"

[palo]

freedom of linux, you decide "when"

A false sense of freedom - do you really get to decide?

[PatH57]

never, ask your wife, girlfriend or boyfriend they just smile at you and say "yes honey"
no wonder I divorced twice

[Monsta]

Edit: If you want to make a change to repository sources and do updates you can have the pleasure of entering your password twice.

Do you change the sources that often to complain about it?

[palo]

Do you change the sources that often to complain about it?

This isn't the complaint department and I'm not complaining (well maybe some)

Just trying to make the suggestion that between the Mint 13 way and the Mint 17 way, the more sensible way would appear to be the old way and the preferred way would be the way most users want it. At this point you appear to be "most users". I do not do updates this way at all - just came across it while playing in VBox. I (and anyone else using my computer) operate from an unprivileged account and sudo and authentications are never required. I just su in terminal and start everything from there - no password nagging at all. It appears now anyone can muck with Mint Update in any account.

This just appears to be a weakness in what was a secure system IMO and I would prefer to stay with 13 at this point or hide the option for the update manager in 17 if I go that route (I'll just miss that little shield telling me there are updates) - no biggie. I don't care how many passwords you have to enter - I use one to rule them all.