Re: Untrusted software and security click-through warnings

2007-10-01 Thread João Pinto
uld not have a contractual obligation with Canonical because we are not a legal entity. Best regards, 2007/10/1, Ian Jackson <[EMAIL PROTECTED]>: > > João Pinto writes ("RE: Untrusted software and security click-through > warnings"): > > I agree with some of your points,

Re: Untrusted software and security click-through warnings

2007-10-01 Thread Matthew Paul Thomas
On Oct 2, 2007, at 11:51 AM, João Pinto wrote: ... If PPAs availability increases there will be nasty people providing nasty packages, if you are concerned about naive users, then my first suggestion is to present an initial screen during Ubuntu install with: "If you add extra repositories or i

Re: Untrusted software and security click-through warnings

2007-10-02 Thread João Pinto
I thought we were talking about users which are expected to understand what is a software repository or what is a software install package, the security improvement would be for those users, to make sure they would understand the risks of using such resources. In my opinion for users which do have t

Re: Untrusted software and security click-through warnings

2007-10-15 Thread Ian Jackson
João Pinto writes ("Re: Untrusted software and security click-through warnings"): > 2 - fake software, or "companion" software ... > Case 2 can only be addressed by educating people on how to use the > internet on a safely manner, again, typing random commands from

Re: Untrusted software and security click-through warnings

2007-10-15 Thread John Dong
I don't think it'd hurt if we had a warning in gdebi when installing a .deb not from or signed by the Ubuntu Archive key, to the likeness of "Installing packages not from Ubuntu repositories can introduce software bugs, upgrade conflicts, or security vulnerabilities. Make sure you trust the origin

Re: Untrusted software and security click-through warnings

2007-10-15 Thread Alexander Sack
On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote: > João Pinto writes ("Re: Untrusted software and security click-through > warnings"): > > 2 - fake software, or "companion" software > ... > > Case 2 can only be addressed by educating people o

Re: Untrusted software and security click-through warnings

2007-10-15 Thread jdong
On Mon, Oct 15, 2007 at 07:08:45PM +0200, Alexander Sack wrote: > > how about using a captcha-like mechanism to trigger this decisionmaking > process? > > - Alexander In order to install this package, you need to demonstrate your ability to make sound decisions: (1) Please click the term of th

Re: Untrusted software and security click-through warnings

2007-10-15 Thread jdong
More seriously, I don't think it's a good idea to force the user to intake a warning by locking out the UI until the user performs some magic unlock sequence dictated by the warning (such as a CAPTCHA). It is cumbersome and inconvenient to the user, and most likely the user would just grumble and dir

Re: Untrusted software and security click-through warnings

2007-10-15 Thread Luke Yelavich
On Tue, Oct 16, 2007 at 03:08:45AM EST, Alexander Sack wrote: > how about using a captcha-like mechanism to trigger this decisionmaking > process? Sorry, but this has accessibility implications, unless it's totally viewable by the GNOME accessibility

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Thorsten Sick
Hi > On Tue, Oct 16, 2007 at 03:08:45AM EST, Alexander Sack wrote: > > how about using a captcha-like mechanism to trigger this decisionmaking > > process? Captchas are to prove the computer is interacting with a human. We need more of a wake-up call. Maybe a dialog -- DANGER -

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Matthew Paul Thomas
On Oct 16, 2007, at 6:08 AM, Alexander Sack wrote: On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote: ... At the moment a user can unwittingly compromise their system just by clicking on one thing on a website and then saying `yes' a few times. What I'm suggesting is that if they wan

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Alexander Sack
On Tue, Oct 16, 2007 at 10:40:46PM +1300, Matthew Paul Thomas wrote: > On Oct 16, 2007, at 6:08 AM, Alexander Sack wrote: >> >> how about using a captcha-like mechanism to trigger this decisionmaking >> process? >> ... > > For example, have the computer specify that the user must type > eit

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Ian Jackson
John Dong writes ("Re: Untrusted software and security click-through warnings"): > I don't think it'd hurt if we had a warning in gdebi when installing a > .deb not from or signed by the Ubuntu Archive key, to the likeness of > "Installing packages not from

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Ian Jackson
Alexander Sack writes ("Re: Untrusted software and security click-through warnings"): > how about using a captcha-like mechanism to trigger this decisionmaking > process? I assume this is some kind of joke but I'm afraid I don't get it. Ian.

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Ian Jackson
Alexander Sack writes ("Re: Untrusted software and security click-through warnings"): > I completely agree. My point is: if captchas don't help then why would > pasting commands from the net help to get the user think about the > risk their actions imply? The point is

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Milan
I completely agree with Ian: let's just get rid of GDebi & Co. installed by default, thus requiring the users to copy/paste commands to a console. This is IMHO the best warning we can provide, and daring/being able to start a console and do this is already a check of the user will and capacity at t

Re: Untrusted software and security click-through warnings

2007-10-16 Thread Matthew Paul Thomas
On Oct 16, 2007, at 11:26 PM, Alexander Sack wrote: ... My opinion is clearly that we should come up with a decent and standardized way to add third party applications that we can actually _control_ and design in a way that at least gives our users a chance to educate themselves before taking any

Re: Untrusted software and security click-through warnings

2007-10-21 Thread Thorsten Sick
Hi Maybe I found a solution for this problem: On Tuesday, 16.10.2007, at 15:48 +0100, Ian Jackson wrote: > Alexander Sack writes ("Re: Untrusted software and security click-through > warnings"): > > I completely agree. My point is: if captchas don't help then why