I recently helped another user through the process of repairing a very broken system. In attempting to free up some space on /boot, he accidentally removed the packages for *all* of his kernel images. He intended to remove all but the most recent, I assume. (reference: http://ubuntuforums.org/showthread.php?t=1313854)
I'm proposing this idea because it's incredibly easy to accidentally render a system unbootable, and it's disproportionately difficult to fix it once it's in that state. I don't really think this is a *bug* per se, since the package manager was obeying the user input.
Last I checked, you needed to be root (or use sudo) to do that.
If we are going to restrict this, we may as well restrict users from manually running "sudo rm -rf /boot/*" which I find to be a bad solution.
Instead we should be INFORMING users that certain actions are not safe to run. For packages that need to be there (kernel, etc), a note or warning next to the package such as "warning, this package is required for the proper running of your computer" should be enough. If users are going to read that, then there's not much else you can do.
To avoid such problems, Ubuntu should automatically clear old kernels, and leave only one or two recent kernels.
If kernels won't be taking space on the root partition, then users wouldn't try to do it manually, with a sometimes bad outcome.
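As an added illustration (not code from this thread or from Ubuntu), this is the selection logic such an automatic cleanup would need: always protect the running kernel and the N newest images, and never produce a plan that empties the list. The package names and the running version are constructed sample data standing in for `dpkg -l 'linux-image-*'` and `uname -r` output.

```python
import re

# Constructed sample: installed kernel image packages, as dpkg might list them
INSTALLED = [
    "linux-image-2.6.31-14-generic",
    "linux-image-2.6.31-17-generic",
    "linux-image-2.6.31-20-generic",
    "linux-image-2.6.31-21-generic",
]
# Constructed sample: what `uname -r` would report on this machine
RUNNING = "2.6.31-17-generic"


def version_key(pkg):
    """Sort key built from the upstream version and ABI number in a package name,
    e.g. linux-image-2.6.31-14-generic -> (2, 6, 31, 14)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)-(\d+)", pkg)
    if not m:
        raise ValueError("not a versioned kernel image package: %s" % pkg)
    return tuple(int(x) for x in m.groups())


def plan_removal(installed, running, keep=2):
    """Return (protected, removable) for a dry run.

    Protected = the `keep` newest images plus whichever image matches the
    running kernel. Everything else is a removal candidate. Because keep >= 1,
    at least one bootable image always survives, even if `running` is not
    in the list (e.g. booted from a kernel whose package is already gone).
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    images = sorted(installed, key=version_key)
    protected = set(images[-keep:])
    protected.update(p for p in images if p.endswith(running))
    removable = [p for p in images if p not in protected]
    return sorted(protected, key=version_key), removable


def removal_command(removable):
    """Render the apt-get line an admin would review before running it."""
    if not removable:
        return "# nothing to remove"
    return "sudo apt-get remove " + " ".join(removable)


if __name__ == "__main__":
    protected, removable = plan_removal(INSTALLED, RUNNING)
    print("keeping:", protected)
    print(removal_command(removable))
```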
@Ssdg: ""sudo" powers require great responsibility. And typing the password should be enough a warning."
That could be a problem, considering how often sudo is required to do tasks. Ubuntu users get as used to sudo and giving permissions as users of newer Microsoft operating systems have gotten used to clicking through UAC boxes.
There is a good point here in having a "second layer" that is more serious than the first.
I disagree. Additional warnings and popups do not improve security in my opinion. Example: all of the inexperienced users I know (including my girlfriend) do not read warning messages/error messages etc. They just click it away and then ask: why doesn't it work? And that's the way most end users work.
Common (daily) work should be possible without any root permissions and the term of 'administrating' a computer by typing the 'administrator password' needs to be emphasized in turn.