It's fine to have root as member of the lpadmin group. BUT… it's not fine to have cups-pk-helper run as root and allow unauthorized users (in CUPS' eyes) cancel other user's jobs.
This should be fixed in cups-pk-helper through making it interact with CUPS using the requesting user's user. This would ensure that CUPS's authorizations are respected.
I don't want to see a situation where "any GNOME user" accesses "cups-pk-helper which runs as root" and can then "manipulate CUPS as if it were a member of lpadmin".
It's fine to have root as member of the lpadmin group. BUT… it's not fine to have cups-pk-helper run as root and allow unauthorized users (in CUPS' eyes) cancel other user's jobs.
This should be fixed in cups-pk-helper through making it interact with CUPS using the requesting user's user. This would ensure that CUPS's authorizations are respected.
I don't want to see a situation where "any GNOME user" accesses "cups-pk-helper which runs as root" and can then "manipulate CUPS as if it were a member of lpadmin".