[packagekit] This dialog sucks

Duncan Mac-Vicar Prett dmacvicar at suse.de
Wed Apr 22 09:34:39 PDT 2009


Duncan Mac-Vicar Prett wrote:
> We had a meeting where we agreed:
> - the first confirmation, has to show something graphical (here is where
> we started brainstorming about using graphical representation of hashes,
> like gnupg has for text mode), there is a link on the feature last
> comment. One should point the user to the vendor website where he should
> be able to find the same "graphic".
> - Then, you only care if the fingerprint changes. Right now, ZYpp shows
> a new confirmation dialog if this happens. Here we should be more
> explicit saying that the fingerprint actually changed from the last
> metadata. And show both graphics.
> 
> However, we could not find much on this graphical hash generation more
> than the ascii stuff gnupg uses. But I think it is an interesting direction.
> 

I forgot the main part of the solution,

Also the real way to improve that dialog (appart of what I wrote above)
is to avoid showing it.

That could be done by allowing transitive trust of keys. So if a key is
signed by a trusted key, one level of transitivity, the repository could
be considered trusted (and the key does not need to be imported into the
trusted keyring).

This implementation is backend specific. We plan to do that, however I
don't see it coming soon.

-- 
Duncan Mac-Vicar P. - Engineering Manager, YaST
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)




More information about the PackageKit mailing list