Untrusted software and security click-through warnings

John Dong jdong at ubuntu.com
Mon Oct 15 16:42:00 UTC 2007


I don't think it'd hurt if we had a warning in gdebi when installing a
.deb not from or signed by the Ubuntu Archive key, to the likeness of
"Installing packages not from Ubuntu repositories can introduce software
bugs, upgrade conflicts, or security vulnerabilities. Make sure you
trust the origin of this package"

Of course, I think most people will click through that anyway, but at
least then we can't say we didn't try.

On Mon, Oct 15, 2007 at 05:31:23PM +0100, Ian Jackson wrote:
> What I'm suggesting is that if they want to do that they should be
> required to do something a little more complicated which is more
> likely to trigger an actual decisionmaking process.  Like, for
> example, typing random commands they found on a webpage.
> 
> Ian.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071015/97316791/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list