![](https://seccdn.libravatar.org/avatar/93cf6319a8961d144cf9d0dc09f5e319.jpg?s=120&d=mm&r=g)
O' knowledgeable ones: I have Ximian-GNOME on my system (SuSE 7.3), and I use their Red Carpet updater service (a kind of "uber" RPM handler). It occurs to me to wonder about security. If I run the client as a user, I get prompted to provide my root password, or to run the RC client in unprivileged mode -- which means that I can look at available updates, but I can't have them installed. So, to get any useful work done, I need to provide the root password at the client prompt. This strikes me as dangerous, since the client could easily report my root password to Ximian (not that I think they are interested...) or to a third party (like a former employee who left a backdoor...ok, I'm reaching, but...). On the other hand, if I login to my system as root, and run Red Carpet from there, am I not offering a tremendous amount of access to an application that performs a bunch of transactions over the internet. What's the least-scary approach that retains the convenience of Ximian Red Carpet? Note, I would prefer not to change my root password after every time I run the utility. That way lies madness or the risk of forgetting the root pw... -- Kevin McLauchlan Chrysalis-ITS, Inc. "Ultimate Trust(TM)"