How come you don't need sudo privileges to update the packages list in the 10.10 Update Manager?

I have noticed that when I press the "Check" button from the Update Manager in Maverick, it starts directly downloading the information on packages without asking me for my password (sudo verification) like it used to in 10.04 and before.

I'm wondering why that is, because in the Terminal, you've still got to be sudo to execute an "apt-get update".


Solution 1:

In Ubuntu 10.10, Update Manager switched from the Synaptic backend to the Aptdaemon backend by default. Aptdaemon allows more fine-grained privilege management with PolicyKit, and the default PolicyKit configuration for regular users allows them to check for updates without needing elevated privileges.

Solution 2:

This answer is a good explanation as to how this change was made (more hands-on detail is available here).

There's also a why component to the question. For package installation there are a number of security concerns involved in allowing arbitrary users to install software - for an obvious example, exploits which require a particular piece of software to be installed become more widely applicable. There aren't the same sort of security concerns with updating the package cache. It should always be safe to do (or, at least no less safe than other network access which an unprivileged user is able to do), so it doesn't make sense to restrict it to a privileged user.
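
To see the split both answers describe (refreshing the package list allowed without a password, installation still gated), the following added example, which is not part of either answer, parses a PolicyKit `.policy` file and lists the actions that need no authentication. The embedded policy is a constructed sample: the action IDs follow aptdaemon's `org.debian.apt` namespace, and the default values shown are assumptions rather than values copied from an Ubuntu 10.10 system.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy format; the defaults are assumed
# for illustration, not taken from a real Ubuntu 10.10 installation.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.debian.apt.update-cache">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.debian.apt.install-or-remove-packages">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# Subject classes polkit distinguishes: any client, inactive local session,
# active local session (the user sitting at the desktop).
SUBJECTS = ("allow_any", "allow_inactive", "allow_active")

def parse_defaults(policy_xml):
    """Map each action id to its implicit authorization per subject class."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        rules = {}
        for subject in SUBJECTS:
            # A missing element is treated here as "no" (not authorized).
            value = defaults.findtext(subject, "no") if defaults is not None else "no"
            rules[subject] = value.strip() or "no"
        result[action.get("id")] = rules
    return result

def passwordless_actions(policy_xml):
    """Return {action_id: [subjects]} for actions granted without a prompt."""
    found = {}
    for action_id, rules in parse_defaults(policy_xml).items():
        open_to = [s for s, v in rules.items() if v == "yes"]
        if open_to:
            found[action_id] = open_to
    return found

if __name__ == "__main__":
    for action_id, subjects in passwordless_actions(SAMPLE_POLICY).items():
        print(f"{action_id}: no password for {', '.join(subjects)}")
```

On a real system the policy files live under `/usr/share/polkit-1/actions/`, and `pkaction --verbose --action-id <id>` prints the registered defaults for one action. Administrator overrides in the local authority configuration can change the effective result, so the file defaults are only the starting point for an audit.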