
Michael Andres wrote:
On Friday 28 November 2008 16:14:49 Jan Kupec wrote:
Michael Andres wrote:
Hi.
Disable signed repos if the user does not trust the key?
It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh?
Why not leave it to the user to remove the repo (zypper lr/rr, or in yast gui) before doing other operations?
Just because it's convenient.
It's quite important that you, as a user, know how to re-enable a disabled repository or change your mind regarding the trust in a key. If the user doesn't trust a key, we should at most disable the repository, never remove it. We shouldn't do things that can't be undone here.
The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for:
Trust key?
[ ] Once [ ] Always (import)
[X] No     [X] not now (ask again on next refresh)
           [ ] maybe later (disable the repository)
           [ ] never (delete the repository)
While it would certainly be nice to have the possibility to remove the repo right away, I'm not sure whether such an IMO little benefit would outweigh the code effort (the callbacks, translations, handling etc.)
A callback is already in place, we ask for trust/import. We just have to add a variable for the repo's fate.
We had two different pop-ups for that:
[ Trust ] [ Do Not Trust ]
[ Import ] [ Do Not Import ]
and users complained that they want to have it in one dialog. But we could change it to:
[ Trust & Import ] [ Disable the Repository ]
BTW: "Don't show this dialog again" works too...
+ some people might find it too complex or (paradoxically) annoying.
This is true for every dialog we offer ;)
Two radio button groups, with six different options, is pretty much for every dialog. This is not only annoying but also very confusing, I'm afraid.
Lukas