RFC: On-demand package installation API in kdelibs

Lubos Lunak l.lunak at suse.cz
Thu Jul 29 13:43:32 BST 2010 

On Wednesday 28 of July 2010, Martin Sandsmark wrote:
> On Wed, Jul 28, 2010 at 09:37:12PM +0200, Lubos Lunak wrote:
> >  I see, the problem is not installing software, the problem is supposed
> > to be making users more used to entering their password whenever a dialog
> > asking for it pops up.
> > […]
> >  Besides, if somebody's stupid enough to fall for this, they can fall for
> > something similar already today. Bad boys can be rather inventive, and
> > stupidity has no limitations. In fact I doubt people this stupid would
> > see the connection between them doing something and a password dialog
> > showing up as a consequence.
>
> As you said yourself, this is about making users *more* used to
> clickthroughs and entering their password. And I agree that we should
> minimize the amount of clickthroughs and password-asking we do. Hence why
> this might be a bad idea.

 Might be a bad idea. Everything might be a bad idea. So do we ban changing 
the clock because that requires the root password? KCMs that require root 
access? KMail asking for account details? Screensaver password? Web logins? 
There are already pages that tell people to download setup.exe and what to do 
with the dialogs that show up, and can do the same with e.g. rpm. You make it 
sound like this specific feature would suddenly skyrocket the number of 
password dialogs.

> >  Well, as Chani said, what are your thoughts on KWallet then? I don't use
> > it myself, but as far as I can judge, it rather randomly pops up and asks
> > for a password. It shouldn't be a big problem faking that.
>
> Your average user only sees the kwallet password entry dialog once on
> login, and once for each new program using it, asking if the application
> should get access.

 Which still appears to be more often than possibilities to see a dialog 
asking for installing additional packages.

> And even the initial password asking can be eliminated (as lemma finishes
> kwallet-pam, which is in playground).
>
> >  Finally, since it would be installing software from known sources, it
> > actually doesn't really need to require a password. The only bad thing
> > that could happen would be running out of disk space, and I know simpler
> > ways of achieving that on most machines.
>
> Opensuse ships libdvdcss and unlobotomized multimedia libraries in the
> default repositories?

 No. They are in additional 3rd party repositories which need to be added 
first, or the packages need to be installed in a different way, so they sadly 
can't be installed in a simple way :(. But you don't install those every day 
either.

 But anyway, many people agree, some people disagree, and there doesn't seem 
to be a middle ground. Since the default will be disabled and enabling will 
require special effort from the packager, I will work on a suitable 
implementation for submitting. Those that don't like it can just leave it as 
it is (or add an "Are you stupid?" dialog first where only declining will 
prove the user worthy of the feature, for all I care).

-- 
 Lubos Lunak
 openSUSE Boosters team, KDE developer
 l.lunak at suse.cz , l.lunak at kde.org

More information about the kde-core-devel mailing list