Vincenzo Ciancia wrote:

> - messages can contain URLs. One can use a clickable URI to run a
> program - e.g. update-notifier. Indeed, these URIs must be made
> clickable in the client _only if_ coming from the system account. And
> for more security enabled applications could be whitelisted as one can
> do with sudo.

I'm *very* glad to see security addressed. One problem with a "Click
Here" window floating around is for the new user to understand if this
is a system update or a phishing popup from Firefox. This is a common
practice on that other OS we all want to get away from ("A virus has
been detected, Just click here to fix your system"). The first
successful attack will warn users away from updating ever. Getting
security right is of the utmost importance. As a user I would like to
understand how the windows can be (visually or otherwise) distinguished
from a malicious popup to trick me into pwning my machine.

BTW, with a notification I feel more confident because the notification
had to get installed with admin permissions and when I click it I have a
high degree of confidence it will launch the Real(tm) update-manager
rather than a trojan. That isn't to say this problem couldn't /
shouldn't be solved for floating update notification windows.

> - If ALL the applications notify via this system, there can be a
> "system" buddy that notifies you of ALL system messages, instead of a
> SEPARATE window for every application. Enabling the chat log in the IM
> client will save all the messages that the system sent to you, so that
> you can choose when to take a look at all the pending messages (e.g.
> before going home from office).

I agree, there should be a central place where I can get all important
notifications, and the existing notification area is likely too heavily
used / abused to fix. But please per above make it something that I can
easily trust.

> - the only problem I see is: how to make a notification persistent
> across different sessions? That's a problem also in pidgin: if I close
> the session without reading a pending message, will I be notified next
> time? I don't think so. But perhaps this is easy to solve, and indeed
> would be part of the blueprint.

Also a crash with a pending update notification that doesn't come back
to remind me of the fix is potential death to the system. Or else
everyone goes back to polling the servers whenever they feel the urge.
Maybe the pidgin interaction model is worthy of consideration but may
need a new implementation to handle persistence.

-- 
[Jaunty] Update Notifier icon would provide useful status information
https://bugs.launchpad.net/bugs/332945
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
