Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 13:53 UTC (Thu) by nye (guest, #51576)
Parent article: Fedora 12 lets unprivileged users install packages

I can't really understand objections to this policy.

This would only seem to be a problem in the case that a user is logged in with the ability to elevate their privileges to install a package, then they go away leaving it unlocked, and another person starts using it and installs some software.

It's unlikely that you've let a malicious user physically access your unlocked machine while you're logged in but not present, and in this case they could already do far more damage than installing some software - they have unfettered access to your $HOME after all.

I just can't think of any circumstances in which this could cause any problems.

I am making the following assumptions:

1) This policy only allows users to install packages without a password, in cases where they previously would have been able to *with* one. This is my most important assumption and might be the point where opinions differ; if I'm wrong about this one then that would change things.

2) A corporate deployment of Fedora won't allow users to install packages, even *with* their password, so there is no change.

Less important ones:

3) The majority of home computers are used by only one user (Microsoft found that over 70% of computers are only ever used by one person)

4) The *overwhelming* majority of home computers are used by one or a small number of users, and anyone with access to it will already be able to install packages by entering their password.

5) A guest account could be created which requires no password, and has very limited permissions (for people who want to let somebody else use their computer).


Fedora 12 lets unprivileged users install packages

Posted Nov 19, 2009 14:33 UTC (Thu) by kragil (subscriber, #34373)

I agree.

Ways to appease the very vocal minority.

Don't allow it for guests or remote users. (I guess that is the default.)
Only allow updates to packages. (Only the admin can install NEW software)

Most importantly: Make a Fedora server spin with sane server defaults so all the server admins with too much time on their hands will shut up :P

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds