[packagekit] GPG keys
Richard Hughes
hughsient at gmail.com
Wed Oct 3 00:13:25 PDT 2007
On Wed, 2007-10-03 at 08:58 +0200, Tim Lauridsen wrote:
> There is two ways it can can be handled as i see it:
> 1.
> * If a key is need then the backend send a signal with info about the
> key and aborts.
> * The frontend calls a backend helper with information about repoid &
> keyid to install (if the user answer yes to some kind of dialog)
> * the frontend rerun the previous transaction again ( remember the old
> transaction is not an option, when using helpers)
This is the way to go.
> 2. Implement 2 way signals, so the frontend can send signals back
> to the helper (write some stuff to standard in).
> * if a key is need then the backend send a signal and wait for a
> confirmation signal (from stdin)
> * If the signal is 'CONFIRMATION_YES' then install the key and
> contiune the Transaction, if the signal is 'CONFIRMATION_NO' then
> abort.
Doing this needs some dbus work, and doesn't play nice with async
signals - it might even be a security problem (I think it is) - as any
session process can hijack the transaction (from listening to the bus)
and clear the signal.
> The 2 way signals, can give some extra options, the user can have the
> possibility to see and confirm the transaction before it is processed
> but the 1. is more simple.
Stick to the plan :-)
Richard.
More information about the PackageKit
mailing list