Untrusted software and security click-through warnings

Thorsten Sick modern_ronin at web.de
Tue Oct 16 07:06:18 UTC 2007


Hi

> On Tue, Oct 16, 2007 at 03:08:45AM EST, Alexander Sack wrote:
> > how about using a captcha-like mechanism to trigger this decisionmaking
> > process?

Captachas are to proof the computer is interacting with a human. We need
more of a wake-up call.

Maybe a dialog
---------- DANGER --------
- You want to run a program from a untrusted source with administrator
privilege.

This can destroy all your data, your data could be stolen or your
bookmarks deleted

Please insert "danger" in the field below to proceed.


[             ]
<ABORT>
-------------------------

Seen that in aptitude.


Thorsten Sick

> Sorry, but this has accessibility implications, unless its totally viewable by the GNOME 
> accessibility framework, i.e no images.
> - -- 
> Luke Yelavich
> GPG key: 0xD06320CE 
> 	 (http://www.themuso.com/themuso-gpg-key.txt)
> Email & MSN: themuso at themuso.com
> Jabber: themuso at jabber.org.au
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFHE+k6jVefwtBjIM4RAln5AKDtE2pFJObWnAwIL2XaFa8hR6Rn7QCgzmdj
> Y8I4fgy6vyyzViJfNJ8qDGY=
> =GxhD
> -----END PGP SIGNATURE-----
> 
-- 
Ich denke, also bin ich hier falsch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071016/05aaa532/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list