Well if your talking about granting passwordless ability to install packages to all local users then Fedora
screwed up on two accounts:
1. Did not put it in the release announcements.
2. Made it default for all local users. It should of only been the default for the initial user.
That was the big mistakes.
The passwordless stuff is actually a good feature though. Asking for the user's password is just
security theater because they have already proven their identity through passwords by being able to
log in before. In addition to that prompting users for their user password offers almost no protection
against attacker dwelling in their user account.
This is a huge misconception that prompting the user for their password multiple times is useful
security. It actually is more likely to make things worse since it encourages bad password policy and
numbs the user against real security concerns. Prompting them for the root password is counter
productive since the whole goal is to eliminate access to root in addition to promoting the same bad
password behaviors and encouraging the user to ignore real security concerns.
The number #1 threat to Linux desktop security is weak passwords. Requiring the user to use the
same passwords multiple times or requiring them to use passwords for regular events is making the
problem worse. Regularly popping up warning dialogs is very bad also. Either they have the rights to
perform the action or they don't.. bugging them over and over again when they have rights to the
action is very 'windows-like' in it's bad behavior.
If you still desire a password for regular desktop events then it should probably be a third 'admin'
password that is not root and is not the user's password. Even though that is still mostly theater it's
probably a good compormize.