Humanity will never cease to amaze me...
Can... Not... Un... See!!!!!!
It makes the assumption that every user is an admin
RMS makes the same fallacious assumption, and throws root passwords willy-nilly to the users.
That's for FREEDOM man... FREEDOM! I will thank RMS now for allowing me to have my beer and my FREEDOM too!
Anyway, I'm pretty sure RMS's beef was forcing software developers to conceal their actions from each other... I may be wrong though, and then
Well, that's questionable... Unplug the machine, hook it directly to a laptop pretending to be the server but with an old signed package list and old signed packages. You have to fool it into fetching the "new" package list though but launching one of the update tray tools that give you "you have x updates waiting" should cover that without entering any password. As far as I know there's no downgrade protection of package lists so it'll happily accept any old package list and install any old version you want it to.
You have physical access... There are SO many more convenient ways of breaking into the box than what you are describing...
Still. This is a bad idea. Non-admins installing software that admins may or may not know about... yeah... whoever thought of this should be taken behind the chemical shed and shot.
If this is a service economy, why is the service so bad?