[rfc][icedtea-web] Enhanced signed app's messages

Andrew Azores aazores at redhat.com
Wed Dec 4 10:56:07 PST 2013 

On 12/04/2013 01:34 PM, Jacob Wisor wrote:
> Hello!
>
> Jiri Vanek wrote:
> > As Andy suggested, What about this messages?
> > If it will pass, I would like to push it to 1.4 too.
>
> > +SSigUnverified=The application's digital signature cannot be 
> verified. Do you
> > want to run the application, and so grant to this application 
> unrestricted
> > access to your computer?
> > +SSigVerified=The application's digital signature has been verified. 
> Do you
> > want to run the application, and so grant to this application 
> unrestricted
> > access to your computer?
> > +SSignatureError=The application's digital signature has an error. 
> Do you want
> > to run the application, and so grant to this application 
> unrestricted access
> > to your computer?
>
> Hmm, "unrestricted access" sounds scary and/or confusing. Besides, 
> what is it? Does the application get root privileges?
> Perhaps "grant all Java permissions" or "grant the AllPermissions 
> permission" would be more suitable. Especially the latter expression 
> is technically more correct, although probably less understood by the 
> common user. If the application or applet is granted only a specific 
> Permission it would probably be more appropriate to mention it 
> explicitly in that message.
>
> Generally speaking, I am in favor of these kind of changes as long as 
> the affected messages become more precise and simpler to read.
>
> Jacob

I agree that "unrestricted access" is scary and confusing. Perhaps 
that's desirable - an application running with all permissions does have 
free reign to do quite a lot of destruction to a user's personal data. I 
really don't think "grant the AllPermissions permission" is a good 
message, simply because the vast majority of users probably won't know 
what this means. "grant all Java permissions" sounds a little better, 
but is still a bit obscure IMO.

You mention displaying the specific permissions that the application 
will be granted - this is a good idea and probably something we should 
look into for the future. For now however I think it's out of the scope 
of the discussion.

Thanks,

-- 
Andrew A

More information about the distro-pkg-dev mailing list