Re: dnssec-trigger + GNOME + NetworkManager integration

On Tue, 2015-06-23 at 18:43 +0200, Tomas Hozza wrote:

Hey, I was out for a week, so this may be a bit of a late reply.

As Michael and Bastien already stated, all the GNOME networking UI
relies on information gotten from NetworkManager, and we'd like to keep
it that way. In particular, NetworkManager has an existing API to
inform us about captive portals - if at all possible, you should keep
that working.

[...]

> This boils down to what we need from some new version of the UI that we
> need to be well integrated with GNOME:

> 1. Be able to inform user about some situations (Captive portal
> detected, network blocks all DNS communication, ...) and enable the user
> to take an action. (This could be possibly done by the notifications
> system in latest GNOME)
>
> -> this may be solved also in GNOME already, and may be OK if done
> technically correctly. Please note my note earlier on NM notifying other
> services when Captive Portal is detected

My perspective on this is that we already have a UI: GNOME shell
displays network status, including captive portal. If NetworkManager
needs to add a few more connection states related to DNSSEC, we can
adapt to that.

GNOME shell also launches a browser when needed for captive portal
login. If we need to tweak the way the browser is launched to make it
work on a dnssec-enabled system, that should be possible.

> 2. Possibly have some indicator showing if the system is in "Secure" or
> "Insecure" state.
> 
> 3. Enable the user to switch between those two states manually

This seems dubious, at best. What does it mean if my system is
'insecure'? Will my credit card number be stolen? Will my system be
taken over by intruders if I don't disconnect immediately? Most users
will have no idea, and have to treat such a switch either as "scary,
don't touch" or as the "fix the internet" button.

I could see adding information regarding the dnssec status of
connections to the network panel. For that to happen, the information
needs to be represented in the nm connection configuration, e.g. in
NmSettingIP4Config, which already has settings like "ignore-auto-dns".

> 4. Additionally enable the user to trigger the reprobe of
> connection-provided DNS resolvers and display result of the probe (last
> one).
>
> -> this should not be needed for regular use. It is more of a debugging tool

I would encourage you to ship it separately as such, then. I don't even
think it needs to be a graphical tool, a commandline utility would be
just fine for this purpose.


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



