[packagekit] This dialog sucks
James Antill
james at fedoraproject.org
Wed Apr 22 07:19:48 PDT 2009
On Wed, 2009-04-22 at 14:23 +0100, Richard Hughes wrote:
> On Wed, 2009-04-22 at 09:50 +0100, Richard Hughes wrote:
> > Cool, thanks for the screenshots, appreciated. What about something
> > like this:
>
> Or, mocked up in glade:
Speaking as a security type person, you aren't showing any information
(by default) that can't be spoofed by anyone.
Speaking as a user, pretty much the only thing I check is that the key
URL points to something I'd trust (ie. file:) and you aren't showing
that.
Speaking as a packaging type person, one interesting thing is that you
could do a file lookup on the package owner of the key (if it's a a
file: URL). So you could show something like:
"""
This package has been signed with the key from the installed package:
adobe-release-i386: linux.adobe.com Repository Configuration
Install Date : Wed 25 Feb 2009 11:29:51 AM EST
linuxdownload.adobe.com repository contains RPM packages of Adobe Linux
Software
v More details:
The gpg key is: file:/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
...
"""
--
James Antill - james at fedoraproject.org
"I'd just like to see a realistic approach to updates via
packages." -- Les Mikesell
More information about the PackageKit
mailing list