[packagekit] This dialog sucks

[Matthias Clasen]

On Tue, 2009-04-21 at 13:13 +0100, Richard Hughes wrote:
> The attached dialog for agreeing to a repository signature sucks. If
> you've got any ideas how to make it prettier, I'm all ears.
> 
> I'm pretty sure we have to show all the information, and I'm not sure
> there's much we can do that's clever. I know we talked of whitelisting
> "safe" keys, but that didn't go down well with RH legal. We also can't
> do this internally to PK, as it doesn't make sense to have a rpmfusion
> key installed on an ubuntu machine.
> 
> I'm looking for radical ideas, as well as HIG suggestions. Thanks.
> 

I guess the main problem with this dialog is that we have to show it at
all. We can of course still work on making it less bad. There's a bunch
of things here that could be better:

- The key-value list is very intimidating. You could try to move at
least some of that into the text, and hide the gory details behind a
Details expander (see below)

- The bold question asks about 'packages', but there is only one package
in the list

- The small-print question talks about a user and a key, but the list of
things doesn't actually have entries for 'user' and 'key', it only has
'Signature user identifier' and 'Signature URL'. I think it would be
good to sort out the terminology here, are we talking about a
'signature' or a 'key' ? Or is the key a part of the signature ?

- Why is the same question asked twice in this dialog, in slightly
different ways ? 


Maybe something like this ?



The vino-doc package from the updates repository has been signed with
the 'Test Key (Fedora)fedora at example.com' key. Do you recognize this key
and want to add it to your list of trusted keys ?

> Details:
Package: 
Repository name:
Signature URL:
Signature Key:
Signature identifier:

[Help]                                 [Trust this key][Cancel]