[packagekit] This dialog sucks
Richard Hughes
hughsient at gmail.com
Wed Apr 22 01:50:19 PDT 2009
On Tue, 2009-04-21 at 12:09 -0400, Jon McCann wrote:
> Firstly, this dialog should never - ever - appear when installing
> updates from the update viewer. No excuses. Updates should not
> appear in the list unless they are trusted.
Agree. The only case this will not be true is when the distro changes
the signing key mid-release, which shouldn't even happen (although
happened to Fedora in F9, but that's the exception to prove the
rule...).
> So, I'm assuming that this dialog appears when a user asks to install
> a new application that is untrusted.
Yes.
> Vista shows something like this:
> http://i.zdnet.com/blogs/fujitsu_unsigned_driver.png
>
> See the attached screenshots of what Firefox 3.1beta displays in
> response to an untrusted site.
>
> Something like those would be a lot better.
Cool, thanks for the screenshots, appreciated. What about something like
this:
___________________________________________________________________
|______________________________________________________________[x]_|
|
| The software source 'updates' contains an untrusted package
|
| You have asked to install a package 'vips-doc' that has a
| signature that is not trusted by you.
|
| Normally, packages are signed with a key to prove that the
| they have not been tampered with. This package has been signed
| by a key that is not recognised.
|
| If you do not recognise the user 'Test Key, fedora at example.com'
| then this warning could mean the someone is trying to install
| untrusted packages on your system, and you should not continue.
|
| Details: (hidden by default)
| [ Signature ID: BB7576AC
| [ Signature URL: http://example.com/gpgkey
|
| [ Cancel Install ] [ Trust Software Source ]
|___________________________________________________________________
Richard.
More information about the PackageKit
mailing list