kpackagekit install security update in automatic mode without authorization

This is actually managed by the packagekit backend, not kpackagekit. It looks like the packagekit backend is not following the apt cron stuff you set in software-properties-{kde,gtk}.

Marking confirmed based on it affecting multiple people.

As additional information, I had my KPackageKit settings at:
Check for updates: Daily
Only notify about available updates

And it still continued to download and install. This is a critical bug, and has forced me to disable automatic update notification.

I can confirm too (using Kubuntu 10.04 Lucid LTS, KDE 4.4.4).

My settings are:
Important security updates, Recommended updates
Check for updates: Daily
Only notify about available updates

It just notified me that it is updating my system and downloaded and installed updates without any confirmation. Then notified me again that the process completed.

The only way to possibly stop it is to click the system tray icon of KPackageKit that shows during the update process, click on the topmost menu item to show the update progress window and click Cancel there to interrupt it, possibly at download stage if you are fast enough.

sudo apt-get remove packagekit will do it too (that's my solution).

Happened on a second machine for me today.

Kpackagekit is patched to use the software-properties-kde dialog instead of the packagekit preferences. furthermore the packagekit cron parts aren't shipped. So it seems that you can keep packagekit installed, Scott.

This is caused by the "smart icon" in KPackageKit using the KPackageKit settings for automatic updates. Since we don't use KPackageKit settings and Apt already has its own setting and ability for automatic updates we can just remove the feature from the smart icon. This patch does so. I have uploaded to lucid-proposed awaiting approval from ubuntu-sru. Unfortunately I can't work out how to change the package for this Launchpad bug to kpackagekit.

TEST CASE
Run Kubuntu for a few days and note that security updates are automatically installed.

Install the new package, run Kubuntu for a few days and note that they aren't.

Accepted kpackagekit into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

(Please make sure this SRU patch gets into maverick too.)

It works correctly now. In addition to the test case for the regression, I also manually enabled automatic security updates and verified that those still work when the user has enabled them.

Accepted 0.5.4-0ubuntu4.3 which should fix the FTBFS. Please test.

This has fixed the issue for me.

Works for me too.

This bug was fixed in the package kpackagekit - 0.5.4-0ubuntu4.3

---------------
kpackagekit (0.5.4-0ubuntu4.3) lucid-proposed; urgency=low

  * Fix patch kubuntu_06_no_automatic_updates.diff to make it apply
    Closes LP: #586497
 -- Jonathan Riddell <email address hidden> Wed, 23 Jun 2010 10:58:50 +0100

Can we please get this fixed in maverick ASAP, too? Thanks.

Version 0.5.4-0ubuntu4.3:

  * Fix patch kubuntu_06_no_automatic_updates.diff to make it apply
    Closes LP: #586497

Version 0.5.4-0ubuntu4.2:

  * Add kubuntu_06_no_automatic_updates.diff, don't run automatic
    install updates from KPackageKit settings. Apt already has its
    own settings and ability to do this. Closes LP: #586497

Fixed in maverick in 0.6.0-0ubuntu1.