Untrusted software and security click-through warnings

Ian Jackson ian at davenant.greenend.org.uk
Tue Oct 16 14:43:57 UTC 2007

John Dong writes ("Re: Untrusted software and security click-through warnings"):
> I don't think it'd hurt if we had a warning in gdebi when installing a
> .deb not from or signed by the Ubuntu Archive key, to the likeness of
> "Installing packages not from Ubuntu repositories can introduce software
> bugs, upgrade conflicts, or security vulnerabilities. Make sure you
> trust the origin of this package"
> Of course, I think most people will click through that anyway, but at
> least then we can't say we didn't try.

You seem to have completely missed my point.

Useability involves treating the computer _and_ the user together, and
arranging (by means of changes to the computer and/or the user) that
the combined system is effective.  In our case (as is usual) we have
no real ability to change the users, so we must change the computer.

This process involves observing and understanding the _actual_
behaviour of _real_ people.  It's not an arse-covering exercise.


More information about the Ubuntu-devel-discuss mailing list