One can simplify the problem by assuming the user is one-click installing apps from existing repos in his system. I think the focus of this project should be a usable and elegant tool, and trying to solve all trust/safety issues is out of place here.

Will

From: jdd
Sent: 05/04/2012 22:18
To: opensuse-project@opensuse.org
Subject: Re: [opensuse-project] Re: GSoC 2012 - Beautiful 1-Click Install

Le 05/04/2012 22:30, Saurabh Sood a écrit :
> Sorry. I forgot to add the link :/
> http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/saurabhsood91/21002
>
> Regards,.
> Saurabh
>
> On Fri, Apr 6, 2012 at 1:59 AM, Saurabh Sood<saurabhsood91@opensuse.org> wrote:
>> Hi,
>> I have completed my proposal for 'Beautiful 1-Click Install'. It would
>> be great if it could be reviewed. I am open to changes and criticism
>> Hoping to hear soon,
>>
>> Regards,.
>> Saurabh Sood

nice presentation.

The main drawback (not from you, it is also present now) is that the
"trust" question do not have valid answer.

the user have no real way to know if the operation at this moment is
safe or not. He can only think it's safe because of the place he found
the 1 clic button.

the problem is not a security (safe as fight against malware) that
have no solution I know, but "may this install break my openSUSE",
which is different (conservation versus security).

Example I lived: I want to install the very last digikam software. I
don't know or don't understand for what kde version it's compiled and
clic on 1-click

Then the install software warns me, saying that he need to install KDE
4.8.9 (immaginary number).

I think: if he have to install an other kde, it's because mine is not
the necessary one, but last time I did, my install was broken, so no I
don't want to continue.

So the word "trust" is not good, it's not that I don't trust the
repository (it's perfectly valid), but I don't want to use this one.

So It would be better to have some notice like "You have to add this
repository, are you sure you want to do this" (in fact it's what is
done now) and add a button "proceed" (in place of "trust")

sorry for my bad english, I hope I made the things clear but I'm not
sure it is :-(

jdd

--
http://www.dodin.net
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org
To contact the owner, email: opensuse-project+owner@opensuse.org