https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c1 Hrvoje Senjan changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hrvoje.senjan@gmail.com AssignedTo|kde-maintainers@suse.de |security-team@suse.de --- Comment #1 from Hrvoje Senjan 2013-05-30 09:43:34 UTC --- @Scott, this is due to default privileges: grep package /etc/polkit-default-privs.standard # package kit org.freedesktop.packagekit.package-install auth_admin_keep_always org.freedesktop.packagekit.package-install-untrusted auth_admin org.freedesktop.packagekit.system-trust-signing-key auth_admin org.freedesktop.packagekit.package-eula-accept auth_admin_keep_always:auth_admin_keep_always:yes org.freedesktop.packagekit.package-remove auth_admin_keep_always org.freedesktop.packagekit.system-update auth_admin_keep_always:auth_admin_keep_always:yes org.freedesktop.packagekit.system-rollback auth_admin_keep_always org.freedesktop.packagekit.system-sources-configure auth_admin_keep_always org.freedesktop.packagekit.system-sources-refresh auth_admin_keep_always:auth_admin_keep_always:yes org.freedesktop.packagekit.system-network-proxy-configure auth_admin_keep_always org.freedesktop.packagekit.cancel-foreign auth_admin:auth_admin:auth_admin_keep org.freedesktop.packagekit.device-rebind auth_admin_keep org.freedesktop.packagekit.system-change-install-root auth_admin org.freedesktop.packagekit.upgrade-system auth_admin org.freedesktop.packagekit.repair-system auth_admin org.opensuse.yast.system.packages.read no # same as org.freedesktop.packagekit.system-update org.freedesktop.packagekit.trigger-offline-update auth_admin_keep:auth_admin_keep:yes org.freedesktop.packagekit.clear-offline-update auth_admin_keep:auth_admin_keep:yes Adding security team -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c3 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |secure@aphofis.com --- Comment #3 from Scott Couston 2013-06-03 11:30:49 EST --- (In reply to comment #2)

I would like to see some steps to reproduce on a freshly booted system.

Thank you Stephan for your input. Firstly, when ever I do an install the User does not have root privileges. I do not follow a standard Install where the user is already root. The concept of auto installation or change to any installed software, without needing root authority is down right wrong! That should clarify alot of issues. When I shutdown and restart any PC's all X64 and application runs notifying me that software updates are downloaded and Installed without root authority. Apper on the other hand does require Root escalation without fail, however its has dependence issues it cannot resole a lot of the time- More on that later. Stephan could you please let me know what log files you need to debug this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c5 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|secure@aphofis.com | --- Comment #5 from Scott Couston 2013-06-08 09:26:48 EST --- (In reply to comment #4)

I would like to see some steps to reproduce on a freshly booted system. Leave out all oppinions

I would need to give you log data to support this, however it is my firm belief that the only requirements are for a fresh installation where the user login is created to not be root...Just untick the default. My logs here on 2 production PC's would have further value. Please ask me for anyfiles you need but start with the above..default, non automated, KDE, user not equal to root; type Installation. It appears that there are 3 different system update programs running. Online update in Yast, Apper, and an automatic program that I cannot even find. Each have varying degrees of problems failing to update due to dependency problems that cannot be resolved because I can go into Yast and run online update and even force check dependency; and get replied that there is nothing to resolve. The other issue I have found is that a user account can make changes to system times. I run a NTP config for public time servers in Yast and thats all I need to have but on the desktop the attached screen-shot will show what is available without authority . As for outright time change via the screen shot; it does call for authority BUT time zone/calendar type/ you name it; cvan be changed without authority. I feel that already there are too many accounts used to run services at the moment.The system user 'smolt' has me disturbed whatever that account is designed to do. I guess we all would like to see more kernel resident and initiated services; but thats a pipe dream :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c7 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |meissner@suse.com InfoProvider| |secure@aphofis.com --- Comment #7 from Marcus Meissner 2013-06-14 04:05:46 UTC --- please try to do what coolo says ... easy reproducible steps for us, and leave out meanings and opinions as we need to reproduce here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c9 Stephan Kulow changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |secure@aphofis.com --- Comment #9 from Stephan Kulow 2013-06-15 01:48:00 CEST --- how you install is of no interest. We want to know what you do with your system - *HOW YOU INSTALL THINGS WITH APPER* OK, let me give you an example: I login as user account coolo I call alt-f2 and call apper I get a search field in apper, I type in gnome-shell I get a search result and "GNOME Shell" is the top result I say "Install" in the line behind it I click "Apply" -> I get a popup asking me for my root password --> NO BUG! And now you please (I did this on 13.1 Milestone 2 - if that causes the problem to appear on 12.2, then be it - *BUT WE HAVE TO KNOW*) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c11 --- Comment #11 from Scott Couston 2013-06-15 14:40:52 EST --- Created an attachment (id=544249) --> (http://bugzilla.novell.com/attachment.cgi?id=544249) apper 001 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c13 --- Comment #13 from Scott Couston 2013-06-15 14:41:57 EST --- Created an attachment (id=544251) --> (http://bugzilla.novell.com/attachment.cgi?id=544251) apper 3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c15 --- Comment #15 from Scott Couston 2013-06-16 03:56:41 EST --- Created an attachment (id=544270) --> (http://bugzilla.novell.com/attachment.cgi?id=544270) yet another failure of Auto-executed Apper AS I have made this completely clear from the beginning with regard to just Apper we have both version of Apper can be an auto process as the screen shots show and it needs no root authority.-See Screen Shots Manually executing apper always requires root authority and then it gets worse by using Yast>Online Update as the difference if finding new updates using the same repos is totally different to what online update finds. Apper, as you can see has no ability to resolve conflicts, mainly due to the issue of it having far more access to user defined repos. Apper is a vastly flawed process in that it cannot even bring change the focus of the newest appearance of a new window...Its al over the place with focus and does not comply with standard KDE behaviour. I dont know if this is because ?Gnome treats window focus differently but with KDE is looks like a first year Uni Student has written it...The bug with apper and the way is behaves, I reported back in 11.3 and 4 no no one cared and this issue was closed as fixed in a newer release. Guess what, it was never fixed and still behaves totally different to current KDE convention. Apper needs ripping out and totally be rewritten its that hopeless as an application When you want our community to test and articulate bugs let me know,I'm out of here because personal emotions have NO place in software development. Its that simple -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c18 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|WONTFIX | --- Comment #18 from Scott Couston 2013-07-03 07:07:25 EST --- Now the emotional hysteria has calmed down...How about looking at this bug for what it is...Its a bug found by ordinary usage. The issue of having multiple sessions of apper open, notifications in double numbers that are added ontop after ontop of notifications and the escalation to root window is often out of focus and not complying to our conventions; can be fixed later. The more challenging issues of apper finding updates that Online Update cant; despite the same repo's can be fixed later on. The other problem of apper not being able to resolve dependency’s obviously because apper finds more updates than Online Update, can also be fixed later on...lets fix all of these bugs and give credit where credit is due to either the reporter or assignee using logic!!!!!!!!!! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c19 --- Comment #19 from Scott Couston 2013-07-25 21:31:59 EST --- Created an attachment (id=549491) --> (http://bugzilla.novell.com/attachment.cgi?id=549491) 1 of 2 Screen shots Architecture is X_64 and only a few 32bit library files are installed. NOW apper want to install every .32bit library file to match the corresponding X_64 library file that Apper finds to auto install. Apper can only list the first 1 -3 conflictions, that are a copy and paste, job to recall once the list is reviewed...as you can see the list of conflictions are large and the notification window can only list the first few that conflict BUT the kicker is, it cannot offer a resolution solution..Its a trial and error based on a copy and paste list seranio for the user. Even if the user CAN resolve this first conflict the problem gets exponentially worse. I suggest we back out Auto Apper, that will auto run Default on every startup of the PC including. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c21 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Update Problems |Update Problems AssignedTo|kde-maintainers@suse.de |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE 12.2 |openSUSE 12.3 Target Milestone|--- |Final Summary|Apper Installs Software |Apper Installs Software |Without Root Authority |Without Root Authority and | |Often Fails when Online | |Update does NOT. Apper | |Cannot Resolve any | |Dependency Issue if | |Presented with One --- Comment #21 from Scott Couston 2013-08-01 19:18:30 EST --- Bug VALID IN 12.3 The issue now become what do we provide for software management and Online Update. I have log files that show Apper find some type of issue and fails auto update when current Yast>Online update find no issue right after apper fails. Online update remains the one software management product that works or presents a valid solution. I think QA needs to evaluate what currently works well. Sure its not part of the KDE control package...thank goodness its not. The duplication going into the KDE Control Module with an ever increasing rate is more buggy than YAST.. The KDE control Module is about as far away from whay Yast can currently do, we shouldn't jump into changing this until we have an equal or better solution than Yast -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=820354 https://bugzilla.novell.com/show_bug.cgi?id=820354#c22 --- Comment #22 from Scott Couston 2014-03-21 15:50:31 EST --- Latest updates to Apper enable it to resolve most dependency issues by require no root authority. If New software is chosen to be installed by apper an escalation to root IS presented AND out of focus in the task manager. Appers new updates is suppose to examine the same repo's yet time after time under the same settings that qualify for updates, there is a complete disparity to which Apper finds to update than Online Update. The issues I have are fundamental. WE provide a product that by default gives the user two different ways of achieving in-line up and software management and to add insult to injury of the confusion of the user both use different contraventions as to what our Operating System is fundamental in applying. The logic is not whether one is better, different that the other application. The logic is that we permit a default application opensuse to be installed that does not follow the same conventions. The problem for us to solve is that we should, at the very least, not break convention in our common use of escalation, our common use of the focus and control of active windowing management and to produce the same parity in logic is providing the same necessary applications to update. If we simple provide this in Apper we resolve our current problem until, yes; as we all agree, we find the singular superior arbiter for software management. We can solve this right now and maintain convention and stop confusing the poor user whilst we find a singular answer and surely we have the need and resources to solve what we can right now. Thats the bug in totality solve what we can now as it is without our power to do with a degree in ease. Please do not mistake my Australian English in talking about fundamentals as most everything I write is about solving what we can do right now. The really hard bit for you guys is the right philosophy for the future. Its about supplying usability right now and further innovation in the future and none of this can be done be removing any currently released application or nuance. :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.