Untrusted software and security click-through warnings
Matthew Paul Thomas
mpt at canonical.com
Tue Oct 2 03:41:16 UTC 2007
On Oct 2, 2007, at 11:51 AM, João Pinto wrote:
> ...
> If PPAs availability increases there will be nasty people providing
> nasty packages, if you are concerned about naive users, then my first
> suggestion is to present an initial screen during Ubuntu install with:
> "If you add extra repositories or install .debs from the web, please
> make sure you are using a trusted source, otherwise you may get
> malicious software", if it is important enough, let's make it hard to
> accept, it is a simple text o read (1 line), there is no excuse for
> "next -> next".
> ...
Regardless of whether you think there is any "excuse" for "next ->
next", most people would still do it, and wouldn't read the message.
Even if they did read the message, most wouldn't have a clue what you
meant by "repositories", ".debs", or "trusted source".
And even if they did understand the message, it could be weeks, months,
or years later that they first had the opportunity to download software
from the Web. Quite long enough to forget that they shouldn't be doing
it.
If you want to discourage people from downloading software off the Web,
an operating system installer is hardly the place to do it.
Cheers
--
Matthew Paul Thomas
http://mpt.net.nz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071002/bd708862/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list