Hi,
This morning I got the automatic "notification" of an system update availability. I was alarmed at noticing there was no requirement to enter a password to bring the update into my system. I have always been quite in favor of the demand for this precaution of the password for entry of programs on the system. I don't know if I have just lulled myself to sleep on this issue and "missed it" when the change came about or what.

Does my system have a problem, or was there a change, as to a shifting away from this password requirement which I am still unaware of.

Thanks and sorry if I am simply an idiot! :(

By default Ubuntu remembers your password 15 minutes, you can change this to 0 minutes if it helps you feel more secure:

https://help.ubuntu.com/community/RootSudoTimeout

Hi, mine does the same thing sometimes it requires it and sometimes it does not, but I have not taken the time to figure it out yet but I need too.

By default Ubuntu remembers your password 15 minutes, you can change this to 0 minutes if it helps you feel more secure:

https://help.ubuntu.com/community/RootSudoTimeout

Thanks for the info, though I know I hadn't entered a password for well over an hour. It might be that my defaults got messed up somehow. I will check into it through the link you provided.

I do appreciate the assistance, and thought.

It is my understanding that there is a specific policy to reduce the need to enter passwords as much as possible without compromising security. So, you may find that updates no longer require authentication but other more serious changes would still require it.

Apparently there has been a lot of debate about this change. The reasoning behind it is that if the user is frequently being required to authenticate then there develops a tendency to put in the password without really checking if it is really safe to allow the process to proceed. This mind set actually makes the system less safe. It is not much of a problem if it is a genuine Ubuntu system request. But what if it is malicious code that the system is trying to protect us from?

It is similar to requests for confirmation. The user gets in the habit of clicking YES without thinking and does not notice that he has just confirmed that he wants to delete some very important files.

Regards.