On Mon, 22 Aug 2005 16:00:37 -0400 (EDT), Sean wrote:

> Would be nice to avoid the need for the command line. Wouldn't a simple
> popup having a boilerplate warning and the description extracted from the
> rpm be sufficient? If not, what else is needed?

At least one hurdle that makes it less easy. ;) The simple click-click-click-to-add-a-repository bears just too many risks, because its target group would _not_ verify painstakingly what will be added to the system configuration.

> Remember this is about
> generic rpm installation of any program, not just rpms containing repo
> entries.

Clicking onto a local *.rpm file opens the system-install-packages command by default, which in turn prompts the user for the root password. That is easy and dangerous enough. As soon as system-install-packages can access the configured online repositories in order to resolve dependencies, what else do you need?

> I suppose there should be a more verbose warning message if the
> rpm isn't signed with a trusted key but beyond that how much more "secure"
> can you make it?

Theoretically, _much_ more secure, e.g. with fully relocatable packages and a user-writable RPM database, so the user can install _some_ packages without needing superuser privileges.

--
Michael Schwendt <mschwendt@xxxxxxxxxxxx>
Fedora Core release 4 (Stentz) - Linux 2.6.12-1.1398_FC4
loadavg: 1.02 1.14 0.92