[packagekit] This dialog sucks

[Duncan Mac-Vicar Prett]

Richard Hughes wrote:
> The attached dialog for agreeing to a repository signature sucks. If
> you've got any ideas how to make it prettier, I'm all ears.
> 
> I'm pretty sure we have to show all the information, and I'm not sure
> there's much we can do that's clever. I know we talked of whitelisting
> "safe" keys, but that didn't go down well with RH legal. We also can't
> do this internally to PK, as it doesn't make sense to have a rpmfusion
> key installed on an ubuntu machine.
> 
> I'm looking for radical ideas, as well as HIG suggestions. Thanks.
> 
> Richard.

We have a feature request opened for something similar
(https://features.opensuse.org/300754).

The basic problem of the dialog is that is useless. Not even geeks would
compare the fingerprint with the "official" one number by number. And if
people don't do this, then it is useless.

We had a meeting where we agreed:
- the first confirmation, has to show something graphical (here is where
we started brainstorming about using graphical representation of hashes,
like gnupg has for text mode), there is a link on the feature last
comment. One should point the user to the vendor website where he should
be able to find the same "graphic".
- Then, you only care if the fingerprint changes. Right now, ZYpp shows
a new confirmation dialog if this happens. Here we should be more
explicit saying that the fingerprint actually changed from the last
metadata. And show both graphics.

However, we could not find much on this graphical hash generation more
than the ascii stuff gnupg uses. But I think it is an interesting direction.

-- 
Duncan Mac-Vicar P. - Engineering Manager, YaST
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)