Untrusted software and security click-through warnings

jdong jdong at ubuntu.com
Mon Oct 15 17:52:00 UTC 2007


More seriously, I don't think it's a good idea to force the user to
intake a warning by locking out the UI until the user performs some
magic unlock sequence dictated by the warning (such as a CAPTCHA). It is
cumbersome and inconvenient to the user, and most like the user would
just grumble and direct his attention at completing the test, not
spending any time looking at the warning.

The maximum level of warning I'd be comfortable with is for gdebi to
show a bold red warning that the package is not signed by the official
Ubuntu Archive key, like the one I suggested earlier. Any additional
popup dialogs or user interaction would be nuisances.


John


On Mon, Oct 15, 2007 at 01:23:58PM -0400, jdong wrote:
> In order to install this package, you need to demonstrate your ability
> to make sound decisions:
> 
> (1) Please click the term of the following equation that represents the
> Maxwell Correction of Ampere's loop law:
> 
> The [Divergence of the magnetic field] is equal to the [permittivity times
> the charge density] plus the [the partial time derivative of the
> electric field times a constant]
> 
> (2) When Compiz by default was deferred from Feisty, did you cry?
>     [Yes]  [No]
> 
> (3) How do you install VLC Media Player?
>    [A] VLC Media Player permits playback of patent encumbered non-free
> audio formats and is a moral sin to even consider installing.
>    [B] Double-click Automatix, choose Media Player and Editors, then
> check VLC Media Player and press the orange Start button.
> 
> 
> :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071015/22bcfbaa/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list