Comment 0 for bug 1035207

For the unity-webapps work the webapps team would like to install packages that only contain unity-webapps
passwordless for a better user experience. They are regular packages but of a very simple form, essentially
just a javascript file and a icon and no maintainer scripts.

My proposal would be to add a new class of policykit action "org.debian.apt.install-package-whitelisted" that
we can override the permissons via /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla (policykit-desktop-privileges) similar to what we did with "org.debian.apt.upgrade-packages".

The whitelist of the repository would be based on "Origin,Components" and packagename regexp. So something like:
(LP-PPA-app-review-board, main, ^unity-webapps-.*") for the webapps case.

Does that looks like a good approach to you?