RFC: On-demand package installation API in kdelibs

Martin Gräßlin kde at martin-graesslin.com
Wed Jul 28 21:10:22 BST 2010


On Wednesday 28 July 2010 21:54:03 Martin Sandsmark wrote:
> On Wed, Jul 28,
2010 at 09:37:12PM +0200, Lubos Lunak wrote:
> >  I see, the problem is not
installing software, the problem is supposed
> >  to be
> > 
> > making
users more used to entering their password whenever a dialog
> > asking for
it pops up.
> > […]
> > 
> >  Besides, if somebody's stupid enough to fall
for this, they can fall for
> > 
> > something similar already today. Bad
boys can be rather inventive, and
> > stupidity has no limitations. In fact
I doubt people this stupid would
> > see the connection between them doing
something and a password dialog
> > showing up as a consequence.
> 
> As you
said yourself, this is about making users *more* used to
> clickthroughs and
entering their password. And I agree that we should
> minimize the amount of
clickthroughs and password-asking we do. Hence why
> this might be a bad
idea.
There is an easy way to fix that problem. Fedora illustrated it, but
had to revert: don't ask for the password if you want to install from a
trusted repository. This is a perfect example why Fedora was right on it. We
all see that we need and want that functionality and we are discussing to
not do it, because it could be used by $BADGUY to trick $STUPIDUSER in
typing their password in $WINDOW. So if we minimize the cases where the
password is entered, the risk decreases. But that's quite off-topic to the
discussion, hmm thinking about it, protecting stupid users from being stupid
is also offtopic.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100728/efc7c3ff/attachment.sig>


More information about the kde-core-devel mailing list