Re: PackageKit Misconceptions




On 8/22/07, Jeff Spaleta <jspaleta@xxxxxxxxx> wrote:
> On 8/22/07, Owen Taylor <otaylor@xxxxxxxxxx> wrote:
> >  A) The information displayed to the user has been audited to be accurate
>
> You have a proposal on how to do this? I have grave concerns about
> being legally allowed to do this in a centralized way as part of the
> Fedora project.
>

The larger point about gpg import questions is really unchanged if
there's no way to do a central authority. If we can't do a central
authority, that just means you have to ask about "import GPG blah
blah" and not "do you trust the Fedora Project?", and "import GPG blah
blah" is NOT good enough / useful / a solution _at all_. The point is
_not_ that a question about "import GPG" is suboptimal; the point is
that it's useless and probably even actively harmful. At least that
would be _my_ point, if it wasn't someone else's. ;-)

Dialogs just are not security. If your software design is insecure if
you don't ask, then your system is also insecure if you do ask,
because as an empirical matter some huge percentage of people -
including very tech-savvy people - will always click yes as a habit.

Dialogs are for programmers to cover their own ass and blame the user.
They do not do much at all to actually stop people from becoming
victims of security exploits, _in practice_.

A dialog that's human readable (says "Fedora Project" not "GPG blah
blah") _might_ be useful for a few more people than one with the GPG
stuff; the non-human-readable one is useful for essentially nobody.
But fundamentally it's still pretty weak security.

A secure design either forbids unsigned stuff in a strong,
almost-impossible-to-override way; or is secure despite unsigned
stuff.

Which in practice afaik means either a central signing authority (or
at least some kind of web of trust or definition of which keys you
trust), or you sandbox whatever is downloaded.

No secure solution I've ever seen involves dialogs as a critical element.

Havoc

-- 
Fedora-desktop-list mailing list
Fedora-desktop-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
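A fail-closed verification policy of the kind the message argues for (a defined set of trusted keys, no dialog anywhere in the path), as an added example that is not code from this thread or from PackageKit: ed25519 from the Go standard library stands in for GPG, the keyring is a fixed map rather than a GPG keyring, and the Package type and sample bytes are constructed. Unsigned packages, packages signed by a key outside the keyring, and payloads modified after signing all fail with no prompt to override.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Keyring is the fixed set of keys the installer trusts (shipped with the OS image, never extended at install time).
type Keyring map[string]ed25519.PublicKey
// Package is a constructed stand-in for a downloaded RPM with a detached signature.
type Package struct {
	Payload   []byte
	SignerKey string // hex public key of the signer; empty when unsigned
	Signature []byte // nil when unsigned
}
var (
	ErrUnsigned   = errors.New("package is unsigned")
	ErrUnknownKey = errors.New("signing key is not in the trusted keyring")
	ErrBadSig     = errors.New("signature does not verify")
)
// VerifyPackage is the whole policy; there is deliberately no "ask the user" branch that can turn a failure into an install.
func VerifyPackage(kr Keyring, p Package) error {
	if p.Signature == nil || p.SignerKey == "" {
		return ErrUnsigned
	}
	if pub, ok := kr[p.SignerKey]; !ok {
		return ErrUnknownKey
	} else if !ed25519.Verify(pub, p.Payload, p.Signature) {
		return ErrBadSig
	}
	return nil
}

// Sign stands in for the distribution's build-time signing step.
func Sign(payload []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) Package {
	return Package{Payload: payload, SignerKey: hex.EncodeToString(pub), Signature: ed25519.Sign(priv, payload)}
}

func main() {
	distPub, distPriv, _ := ed25519.GenerateKey(rand.Reader)   // distribution signing key
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // unknown third-party key
	kr, rpm := Keyring{hex.EncodeToString(distPub): distPub}, []byte("constructed rpm bytes")
	fmt.Println("trusted: ", VerifyPackage(kr, Sign(rpm, distPub, distPriv)))
	fmt.Println("unknown: ", VerifyPackage(kr, Sign(rpm, otherPub, otherPriv)))
	fmt.Println("unsigned:", VerifyPackage(kr, Package{Payload: rpm}))
}
```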
