Hello,

On Monday, 8 November 2010, Henne Vogelsang wrote:
This signature part is not necessarily true. Users have to take care of a simple choice:

---------------------------------------------------------------------
This package comes from an untrusted source and might harm your system!

[Install] [Cancel]

[ ] Details    [ ] Never ask me again
---------------------------------------------------------------------

There was some discussion about this at the openSUSE conference in the zypp BoF. The results in short:

- inherit trust: if a repo key is signed by a known key, display a "less dangerous looking" dialog or (config option or "never ask again" checkbox) no warning at all. Most prominent example: build service keys that are signed by the build service master key
- for detail view: if a key is signed by other keys, display them. That gives at least the chance that someone verifies the key chain. Again build service repos are the best example.
- IIRC nobody in the BoF said he verifies the fingerprint *)
- there were more topics in the BoF, but not related to this question

The following is my personal opinion:

*) my guess: because it isn't easy enough. Having the key chain visible ("This key is signed by a key you already trust") would bring more security than just displaying a fingerprint nobody checks (you would need to download the key from the repo, verify its fingerprint, check who signed it, ....)

The dialog should look more "dangerous" if a key is not signed by any key in the current keyring.

The "never ask again" checkbox is a good idea for keys that are signed by an already known key (read: buildservice) - even if I'd never tick that box. For totally unknown keys, I'd recommend _not_ to offer such a checkbox.

Install == Ignore signature
Cancel = Cancel
Detail == Show details about the signature
Never ask me again == Trust Signature

As a typical user, I'd expect a different meaning:

Install == Trust this signature (there's no point in installing a package when you don't trust it)
Never ask me again == Trust _all_ signatures (IMHO: as long as their key is signed with an already trusted key - see key chain above)

Yes, I know that this would mean less security, but hey, I'm just wearing my "typical user" hat in this case ;-) and I also don't say it should be implemented this way. I'm just warning you what bug reports to expect: "Every time I add a repo, I'm asked again! But I ticked the 'never ask again' box!!!!!1!!111!!!!!!" ;-)

Maybe the "never ask again" should have a more meaningful title like "never ask again for this signature" or "permanently trust this signature".

Or we simply rework the existing way that asks about the key instead of the package - rename the "import" button to "trust permanently".

Now choose your favorite way ;-)

Regards,

Christian Boltz
--
In the YaST2 System Editor for /etc/sysconfig files, enter ide-scsi under System-Kernel-MODULES_LOADED_ON_BOOT. David, please look away... No David, you didn't see that. Everything is OK, David... Stay calm... :-) [> Arne Dieckmann and Thomas Hertweck in suse-linux]