PackageKit Misconceptions
David Zeuthen
davidz at redhat.com
Wed Aug 22 18:29:39 UTC 2007
On Wed, 2007-08-22 at 14:11 -0400, Jesse Keating wrote:
> On Wed, 22 Aug 2007 14:02:47 -0400
> David Zeuthen <davidz at redhat.com> wrote:
>
> > To me, that's totally not what Colin is suggesting. In fact, there are
> > things in his mail that actually suggests to *improve* security such
> > as replacing, IMO, useless dialogs like "Import this GPG key:
> > <hexnumber>" to something more useful (his proposal about timeouts).
> > See also my other mail about asking better questions like "Import
> > this GPG key: <hexnumber>".
>
> I got from it that he just wants to do away with the question
> entirely. I'm having a hard time figuring out where you guys want to
> go. In one hand you say you don't want dialogs at all that ask people
> to think or even respond, it just does things. On the other you say as
> soon as you allow installing software that is outside of the repos we
> ship, the jig is up and we shouldn't care about any sort of security
> form that point on. I'm lost :(
That's not how I read the thread. Basically
- We should include Fedora GPG keys by default. See
https://www.redhat.com/archives/fedora-desktop-list/2007-August/msg00285.html
why this is a good idea.
- Have some dialogs that are actually *useful* when you try to install
software that comes from outside Fedora. See
https://www.redhat.com/archives/fedora-desktop-list/2007-August/msg00274.html
https://www.redhat.com/archives/fedora-desktop-list/2007-August/msg00279.html
for some ideas.
Is it more clear now?
David
More information about the Fedora-desktop-list
mailing list