low-hanging fruit

David Zeuthen davidz at redhat.com
Wed Aug 22 17:11:29 UTC 2007


On Wed, 2007-08-22 at 12:34 -0400, seth vidal wrote:
> - import a gpg key from a repo so they can install a package.

... which is an interesting and very technical way of describing trust.
Which I think it is about, yes? E.g. asking whether a software provider
should be trusted.

Deciding to trust someone is of course important. Assuming only Fedora
repos are used (e.g. fedora, fedora-updates, whatever), people wouldn't
see this anyway, right? 

So I just tried with yum

> warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY,
> key ID a109b1ec
> Importing GPG key 0xA109B1EC "Livna.org rpms <rpm-key at livna.org>"
> from /etc/pki/rpm-gpg/RPM-GPG-KEY-livna
> Is this ok [y/N]: y

which, I guess, is perfectly fine for a tool designed for system
administrators. 

(Except, maybe yum should specifically mention that this is about
setting up a trust relationship, then again, it's probably fine to
assume the person seeing this knows that is what it means.)

However, wouldn't it be possible to phrase the question to the user in a
way where GPG keys are not mentioned at all? For example

 +-------------------------------------------------------------------+
 | Do you trust "Livna.org rpms <rpm-key at livna.org>"?             |
 |                                                                   |
 | The software you are trying to install comes from a source        |
 | that can't be verified. <insert lecture about why installing      |
 | untrusted software is bad, what trust is, how to verify, what     |
 | to do etc.>                                                       |
 |                                                                   |
 |                                  [Cancel] [I trust this provider] |
 |                                                                   |
 | > Details (GtkExpander)                                           |
 +-------------------------------------------------------------------+

The details might include techno-babble like the GPG key fingerprint
(probably should) but it could also integrate with existing
desktop-specific GPG software, e.g. Seahorse which, IIRC, already has
some way of examining trust relationships.

Also, the details bit could be made useful; we could try to determine
what contacts of yours actually trust this provider (online desktop,
social networking); we could look up on your online account if you've
decided to trust this provider before so your computer can avoid asking
you again the next time you are on a different system. Web of trusts,
etc.

These are just some thoughts. Dialogs and questions like these are
always difficult (my example above is already too verbose).

(Another technical tidbit: RPM's GPG keys are tied to the system so when
one user is deciding to import a GPG key (aka. start trusting a software
provider) it affects all users on that system. Maybe the dialog needs to
make that clear too.)

> - verify that the set of things they are asking to
> install/remove/obsolete is what they _really_ want to do.

I honestly think such users should just use the system administrator
tool, e.g. yum(1). But sure, we could work this into the UI but I am
unsure it's a good idea. Do you have any concrete examples from the
history of the stable Fedora Package Collection where this is relevant?

> - let them know they need to reboot/logout/restart-some-program in order
> to have these changes take effect.

We need this. I don't expect it to be difficult to do either.

      David





More information about the Fedora-desktop-list mailing list