[zypp-devel] [bnc 450001] Disable signed repos if the user does not trust the key?
Hi. Disable signed repos if the user does not trust the key? It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh? The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for: Trust key? [ ] Once [ ] Always (import) [X] No [X] not now (ask again on next refresh) [ ] maybe later (disable the repository) [ ] never (delete the repository) Or shall we introduce some zconf option RepoWithUntrustedKey = [nag|disable|delete] -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Andres wrote:
Hi.
Disable signed repos if the user does not trust the key?
It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh?
Why not leave it to the user to remove the repo (zypper lr/rr, or in yast gui) before doing other operations?
The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for:
Trust key?
[ ] Once [ ] Always (import)
[X] No [X] not now (ask again on next refresh) [ ] maybe later (disable the repository) [ ] never (delete the repository)
While it would be certainly nice to have the possibility to remove the repo right away, but i'm not sure whether such IMO little benefit would outweight the code effort (the callbacks, translations, handling etc..) + some people might find it too complex or (paradoxically) annoying.
Or shall we introduce some zconf option
RepoWithUntrustedKey = [nag|disable|delete]
If at all, i would go without additional user prompting: RepoWithUntrustedKey = noop|disable|delete with noop as the default - -- cheers, jano Ján Kupec YaST team - ---------------------------------------------------------(PGP)--- Key ID: 637EE901 Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901 - ----------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkkwCugACgkQgEhGpmN+6QFv5QCeNl6mgS5I416duNHTp6hDMmC9 oQ4An202MkaezP/JM3L/tnewXKnbCNXb =SvKl -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Friday 28 November 2008 16:14:49 Jan Kupec wrote:
Michael Andres wrote:
Hi.
Disable signed repos if the user does not trust the key?
It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh?
Why not leave it to the user to remove the repo (zypper lr/rr, or in yast gui) before doing other operations?
Just beause it's convenient.
The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for:
Trust key?
[ ] Once [ ] Always (import)
[X] No [X] not now (ask again on next refresh) [ ] maybe later (disable the repository) [ ] never (delete the repository)
While it would be certainly nice to have the possibility to remove the repo right away, but i'm not sure whether such IMO little benefit would outweight the code effort (the callbacks, translations, handling etc..)
A callback is already in place, we ask for trust/import. We just have to add a variable for the repos fate.
+ some people might find it too complex or (paradoxically) annoying.
This is true for every dialog we offer ;) -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
Michael Andres wrote:
On Friday 28 November 2008 16:14:49 Jan Kupec wrote:
Michael Andres wrote:
Hi.
Disable signed repos if the user does not trust the key?
It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh? Why not leave it to the user to remove the repo (zypper lr/rr, or in yast gui) before doing other operations?
Just beause it's convenient.
It's quite important, that you as user, know how to re-enable a disabled repository or change your mind considering the trust to a key. If user doesn't trust a key, we should disable the repository at maximum, never remove. We shouldn't do things that can't be undone here.
The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for:
Trust key?
[ ] Once [ ] Always (import)
[X] No [X] not now (ask again on next refresh) [ ] maybe later (disable the repository) [ ] never (delete the repository) While it would be certainly nice to have the possibility to remove the repo right away, but i'm not sure whether such IMO little benefit would outweight the code effort (the callbacks, translations, handling etc..)
A callback is already in place, we ask for trust/import. We just have to add a variable for the repos fate.
We had two different pop-ups for that: [ Trust ] [ Do Not Trust ] [ Import ] [ Do Not Import ] and users complained that they want to have it in one dialog. But we could change it to: [ Trust & Import ] [ Disable the Repository ] BTW: "Don't show this dialog again" works too...
+ some people might find it too complex or (paradoxically) annoying.
This is true for every dialog we offer ;)
Two radio button groups, with six different options is pretty much for very dialog. This is not only annoying but also very confusing, I'm afraid. Lukas
On Monday 01 December 2008 14:02:35 Lukas Ocilka wrote:
We had two different pop-ups for that: [ Trust ] [ Do Not Trust ] [ Import ] [ Do Not Import ] and users complained that they want to have it in one dialog.
But we could change it to: [ Trust & Import ] [ Disable the Repository ]
BTW: "Don't show this dialog again" works too...
[trust but not import] IMO is a valid 3rd case here. -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
Michael Andres wrote:
On Monday 01 December 2008 14:02:35 Lukas Ocilka wrote:
We had two different pop-ups for that: [ Trust ] [ Do Not Trust ] [ Import ] [ Do Not Import ] and users complained that they want to have it in one dialog.
But we could change it to: [ Trust & Import ] [ Disable the Repository ]
BTW: "Don't show this dialog again" works too...
[trust but not import] IMO is a valid 3rd case here.
Actually right now it is broken. The users complained about needing to answer two questions. But removing trust/not import is even worse. zypper is much more clever with the question. Duncan -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
Duncan Mac-Vicar Prett wrote:
Michael Andres wrote:
On Monday 01 December 2008 14:02:35 Lukas Ocilka wrote:
We had two different pop-ups for that: [ Trust ] [ Do Not Trust ] [ Import ] [ Do Not Import ] and users complained that they want to have it in one dialog.
But we could change it to: [ Trust & Import ] [ Disable the Repository ]
BTW: "Don't show this dialog again" works too...
[trust but not import] IMO is a valid 3rd case here.
Actually right now it is broken. The users complained about needing to answer two questions. But removing trust/not import is even worse.
zypper is much more clever with the question.
Frankly, if it comes to selecting between 'product/project managers want this' and 'some users want that' we go the 'managers' way. The current solution was requested by managers. Of course, managers should have enough information from all parties to decide. L.
On Wednesday 03 December 2008 14:19:45 Lukas Ocilka wrote:
But we could change it to: [ Trust & Import ] [ Disable the Repository ]
BTW: "Don't show this dialog again" works too...
[trust but not import] IMO is a valid 3rd case here.
Actually right now it is broken. The users complained about needing to answer two questions. But removing trust/not import is even worse.
zypper is much more clever with the question.
Frankly, if it comes to selecting between 'product/project managers want this' and 'some users want that' we go the 'managers' way. The current solution was requested by managers. Of course, managers should have enough information from all parties to decide.
This might again change in the context of: https://bugzilla.novell.com/show_bug.cgi?id=449228. After NCC, system adds ATI and NVIDIA repositories on machines that have neither ATI and NVIDIA hardware. The idea of being able to disable repos by not trusting the key is meant to be a convenient 'fix' for the above shortcoming. Personally I dislike to implement this as a default behavior in libzypp. I'd like the applications to offer 'disable repo', and the user to explicitly select it. But this is meant to be a feature, not a fix for the above bug. If NCC can't filter the repos, maybe registration can do this locally? -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Thursday 04 December 2008 10:23:41 Michael Andres wrote:
On Wednesday 03 December 2008 14:19:45 Lukas Ocilka wrote:
But we could change it to: [ Trust & Import ] [ Disable the Repository ]
BTW: "Don't show this dialog again" works too...
[trust but not import] IMO is a valid 3rd case here.
Actually right now it is broken. The users complained about needing to answer two questions. But removing trust/not import is even worse.
zypper is much more clever with the question.
Frankly, if it comes to selecting between 'product/project managers want this' and 'some users want that' we go the 'managers' way. The current solution was requested by managers. Of course, managers should have enough information from all parties to decide.
This might again change in the context of:
https://bugzilla.novell.com/show_bug.cgi?id=449228.
After NCC, system adds ATI and NVIDIA repositories on machines that have neither ATI and NVIDIA hardware.
The idea of being able to disable repos by not trusting the key is meant to be a convenient 'fix' for the above shortcoming.
Personally I dislike to implement this as a default behavior in libzypp. I'd like the applications to offer 'disable repo', and the user to explicitly select it. But this is meant to be a feature, not a fix for the above bug.
If NCC can't filter the repos, maybe registration can do this locally?
It's not a good idea, because the solution would be very complex (matching repos against pci-ids?) Stano -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
participants (5)
-
Duncan Mac-Vicar Prett -
Jan Kupec -
Lukas Ocilka -
Michael Andres -
Stanislav Visnovsky