[packagekit] GNOME summit and more about GPG keys

Robin Norwood rnorwood at redhat.com
Wed Oct 10 07:37:45 PDT 2007


Adrien BUSTANY <madcat at mymadcat.com> writes:

> Robin Norwood wrote:
> Just about the confirmation window I was talking about in the precedent
> mail, to accept or not gpg keys, I did a simple mockup:
> http://maison.mymadcat.com/~madcat/ecran.jpg . That way we don't need to
> show the user a scary gpg key, but he can see it if he wants to.

Yeah, this option was brought up in the RH discussion - rolling up the
GPG fingerprint might be the way....

My only concern with that is that it might fool the user into thinking
all the security is already taken care of.  I was also thinking - if the
key is already in /etc somewhere, then the user has already trusted
something (like the repo's RPM)...so maybe we could have different
messaging if the key already exists in /etc versus the case where the
key needs to be downloaded from an external URL.

In the /etc case, if an attacker has managed to write to /etc, the user
has already lost...we can just say 'Trust this new repository?'.  If the
key needs to be downloaded on the system, we could hint that the user
should *really* check to make sure they trust that URL.

-RN

-- 
Robin Norwood
Red Hat, Inc.

"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching
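
An added example, not part of the original message and not PackageKit code: a sketch of the two-tier prompt described above, choosing the wording from where a repository's GPG key comes from. It assumes yum-style `.repo` definitions with a `gpgkey=` entry; the sample repositories, the function names and the wording of the external-key warning are constructed for illustration.

```python
import configparser
import posixpath
from urllib.parse import urlparse, unquote

# Constructed sample repo definitions (not taken from any real repository).
SAMPLE_REPO = """\
[local-key]
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
[remote-key]
gpgkey=https://repo.example.invalid/RPM-GPG-KEY-example
[escaping-path]
gpgkey=file:///etc/pki/../../tmp/RPM-GPG-KEY-example
"""

TRUSTED_ROOT = "/etc"  # assumption: keys installed by packages live under /etc


def classify_key_url(url):
    """Return 'local' for a key file under /etc, otherwise 'external'."""
    parts = urlparse(url)
    if parts.scheme != "file" or parts.netloc not in ("", "localhost"):
        return "external"
    # Normalise first so '..' segments cannot make a path merely look like
    # it is under /etc. This is lexical only; symlinks are not resolved.
    path = posixpath.normpath(unquote(parts.path))
    return "local" if path.startswith(TRUSTED_ROOT + "/") else "external"


def prompt_for(url):
    """Pick the message: short for keys already in /etc, explicit otherwise."""
    if classify_key_url(url) == "local":
        return "Trust this new repository?"
    # Hypothetical wording for the stronger hint about an external URL.
    return ("The signing key will be downloaded from %s. "
            "Only continue if you trust that URL." % url)


def prompts_for_repo_file(text):
    """Map each repo section to the prompts for its gpgkey URLs."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return {s: [prompt_for(u) for u in cfg.get(s, "gpgkey", fallback="").split()]
            for s in cfg.sections()}


if __name__ == "__main__":
    for repo, prompts in prompts_for_repo_file(SAMPLE_REPO).items():
        for p in prompts:
            print("[%s] %s" % (repo, p))
```

The third sample entry shows why the path is normalised before the comparison: a `file:` URL that starts with `/etc` but climbs out of it gets the external-key warning.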
