Re: There is a scary discussion on the Ubuntu Developers mail list.
By the way, while I don't agree that this is a scary discussion, I will say that the proposal is a bit misguided. There's only so much you can protect users from themselves without educating them. Any uneducated user who has an administrative password (either root or sudo) is a security risk. Social engineering evolves. Right now, there may seem to be an easy way to thwart attempts to hijack security, but the ultimate solution is educating users, not constricting them.
I was just talking about this with some co-workers yesterday at lunch regarding wire transfers to Nigeria, PayPal asking you to verify credit card information, etc. Those social engineering scams mainly have to do with personal/financial security and less to do with operating system security, but the principle remains the same--these 30-something and 40-something co-workers of mine (who are not necessarily tech-savvy) had to wise up to the ways of the world, and they lamented how they were not always as wise as they are now.
Just as you tell a child not to take candy from strangers, you also have to tell computer users of any age not to download software from just anywhere. Teach them to be discerning. Yes, it's true--a warning pop-up will almost always go unread--but it's not up to the developers to think for you what is "trusted" or "not trusted" software. It's up to users to educate each other, just the way we do about looking both ways before crossing the street or not touching the stove when it's hot. Imagine if stove/oven manufacturers had to prevent users from turning on the stove because people might just touch it and burn themselves. It's ridiculous!