10.2 ZMD / Update Install Software security

[Baloo]

It was nice to see that 10.2 seems to have fixed most of the ZMD issues from 10.1. But now that it's working I'm noticing what strikes me as a fairly serious security flaw. When I first went to update the software rather than just being prompted for the root password to run as root, I was prompted to supply the root password to add my std user to an approved list. Now I or anyone else can update/ remove/install software at will without knowing the root password. From what I can tell there's no way to remove the std user from the list and even if I do I'll have to login as root or set up a separate admin user that was added to the list.

Is it possible to configure the ZMD software update to prompt for the root password before running everytime (like YOU did in 9.3)? If so how?

thanks.

On a side note: Aside from this one issue I really like 10.2 they seem to have cleared of 10.1's problems. It's definitely solid enough for me to upgrade the family computer from 9.3.

[daark.child]

You don't have to use the ZMD stuff. Suse has two package managers, ZMD and the old YAST method from the 9.x days. The old method worked perfectly fine, so I am not sure why the ZMD stuff is being forced down peoples throats when it obviously doesn't work very well. To solve the ZMD problems, I just uninstalled the "Enterprise Management" pattern in YAST (this removes ZMD and related packages), then rebooted the machine. The old method of managing packages will be restored. It works a lot better than the ZMD stuff.