“So any user can install any package found in the official
repository. Some Fedora developers, at least, seem to see this as a
feature; see this rapidly-growing thread for the discussion.“The bug report contains the incantation needed to disable this
behavior:pklalockdown –lockdown
org.freedesktop.packagekit.package-install“Evidently that is not a long-term solution, though; see this
post for a rather more involved fix. Stay tuned: we’ll probably
post a longer look at this issue in the near future.”