Displaying privilege requirements on Software Centers

Alexander Larsson alexl at redhat.com
Tue Jun 13 07:12:42 UTC 2017


On Mon, 2017-06-12 at 18:17 +0200, Aleix Pol wrote:
> Hey,
> I wanted to display somehow which resources are going to be required
> by an application to the user, so he gets to know before (or after)
> installing an application.
> 
> Since there's quite some flatpak-specific semantics related I thought
> it could make sense to have some discussion about it first, since I'm
> guessing other front-ends will need the feature (and I don't know if
> it's implemented already, please correct me if I'm wrong) and it
> possibly doesn't make sense that all take different routes.
> 
> I haven't run it through our visual design group yet, but my
> impression is that we'll need an icon + text for each privilege.
> Seeing how complex it looks on the metadata file we possibly want to
> do some grouping as well.
> 
> Any thoughts?

I have not really done any thorough design work around this other than
making sure we can get the metadata for the app before installing it so
that it is fundamentally possible. I have done some quick thinking
about it though. The metadata format is way too complex to expose to
users as-is, and some of the permissions will need to be
ignored/merged/transformed. This will not be trivial, and it would be
best if support for this was in libflatpak so that every implementor
could share it.

First of all, I think it will be up to each desktop to pick a set of
things that we never show. For instance, I can imagine a future where
we never show any text/icons for apps wanting access to wayland and
output-only pulseaudio. But, this could change over time, for instance
as we make pulseaudio more safe. Also, if you're not on wayland we
should probably not show a permission request for X11, as all apps will
have that. So, I think we need to pass in some sort of filter to
libflatpak to limit what it shows.

Secondly, some permissions are very flexible, such as the filesystem
access or the dbus access. You can have everything from "access
everything" to "readonly access to some directory in your homedir only".
Additionally, some of the common patterns like dconf and kdeglobals
should probably be decoded and shown as a higher level item. So, I
think we want to just show "access to user files" in most cases, but
then have a "details" expander with more tech details. Maybe in some
cases we should show something else, like "access to user downloads
directory".

Anyway, I'd love it if someone sat down and did the design work for
this so we could share the low-level implementation.


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 
He's a scarfaced hunchbacked filmmaker on the edge. She's a wealthy 
motormouth queen of the dead with a flame-thrower. They fight crime! 
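
The filtering and merging described in the message above, as an added sketch that is not part of the original message and not libflatpak code. It assumes the metadata is the usual keyfile with a [Context] group and a [Session Bus Policy] group; summarize(), the hidden filter, the label strings and the two lookup tables are hypothetical names chosen for illustration.

```python
import configparser

# Constructed sample in flatpak's metadata keyfile format (not a real app).
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=xdg-download;xdg-config/kdeglobals:ro;xdg-run/dconf;~/.config/dconf:ro;

[Session Bus Policy]
ca.desrt.dconf=talk
org.freedesktop.Notifications=talk
"""

# Hypothetical tables: low-level entries that fold into one higher-level item.
SETTINGS_PATHS = {"xdg-run/dconf", "~/.config/dconf", "xdg-config/kdeglobals"}
SETTINGS_BUS = {"ca.desrt.dconf"}

def summarize(metadata, hidden=frozenset()):
    """Return {user-facing label: [raw entries for the "details" expander]}.

    `hidden` is the per-desktop filter, e.g. {"sockets=wayland"}.
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case; bus names are case-sensitive
    cp.read_string(metadata)
    out = {}

    def entries(key):
        return [v for v in cp.get("Context", key, fallback="").split(";") if v]

    for kind in ("shared", "sockets", "devices"):
        for value in entries(kind):
            if f"{kind}={value}" not in hidden:
                out.setdefault(f"{kind}: {value}", []).append(f"{kind}={value}")
    for fs in entries("filesystems"):
        path = fs.partition(":")[0]  # strip :ro / :rw / :create suffix
        if path.startswith("!"):     # negated entry removes access, grants nothing
            continue
        if path in SETTINGS_PATHS:
            label = "Desktop settings"
        elif path == "xdg-download":
            label = "Access to user downloads directory"
        else:                        # coarse on purpose; raw entry stays in details
            label = "Access to user files"
        out.setdefault(label, []).append(fs)
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp.items("Session Bus Policy"):
            label = "Desktop settings" if name in SETTINGS_BUS else "Session bus access"
            out.setdefault(label, []).append(f"{name}={policy}")
    return out
```

Each label maps to the raw entries behind it, so a front-end can show the label with an icon and put the list in the "details" expander.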