[rfc][icedtea-web] Enhanced signed app's messages

Jiri Vanek jvanek at redhat.com
Thu Dec 5 01:26:53 PST 2013


On 12/04/2013 07:56 PM, Andrew Azores wrote:
> On 12/04/2013 01:34 PM, Jacob Wisor wrote:
>> Hello!
>>
>> Jiri Vanek wrote:
>> > As Andy suggested, what about these messages?
>> > If it will pass, I would like to push it to 1.4 too.
>>
>> > +SSigUnverified=The application's digital signature cannot be verified. Do you
>> > want to run the application, and so grant to this application unrestricted
>> > access to your computer?
>> > +SSigVerified=The application's digital signature has been verified. Do you
>> > want to run the application, and so grant to this application unrestricted
>> > access to your computer?
>> > +SSignatureError=The application's digital signature has an error. Do you want
>> > to run the application, and so grant to this application unrestricted access
>> > to your computer?
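Review bot: All three added keys (SSigUnverified, SSigVerified, SSignatureError) end with the identical question, so the prompt for a verified signature and the prompt for a signature error differ only in a few words of the first sentence, which a user who skims will not register. Consider having the unverified and error variants say in the question itself that the signer could not be confirmed, and tightening "and so grant to this application unrestricted access" to "and grant it unrestricted access". "Unrestricted access to your computer" is also left undefined in these strings; a short qualifier would address the root-privilege confusion raised in the replies.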
>>
>> Hmm, "unrestricted access" sounds scary

Considering the original email of Andy, it is exactly what it should sound like.
Considering the user *does* read, they can more easily understand "unrestricted access" than
"application is fully signed". If we want to add a "run in sandbox" button soon, or list individual
requested permissions, then I still believe this message is a step in the right direction.

I was trying to transform the message a bit, but all I got was less clear, too long, or more wrong.

So I still would like to push these messages, unless some better versions appear.

>> and/or confusing. Besides, what is it? Does the
>> application get root privileges?

True, this confusion should not happen - but what is the difference if the app deletes home, or the system?
And if you are a bad one and running it under root, or have no password on sudo...

>> Perhaps "grant all Java permissions" or "grant the AllPermissions permission" would be more
>> suitable. Especially the latter expression is technically more correct, although probably less
>> understood by the common user. If the application or applet is granted only a specific Permission
>> it would probably be more appropriate to mention it explicitly in that message.
>>
>> Generally speaking, I am in favor of these kinds of changes as long as the affected messages become
>> more precise and simpler to read.
>>
>> Jacob
>
> I agree that "unrestricted access" is scary and confusing. Perhaps that's desirable - an application
> running with all permissions does have free rein to do quite a lot of destruction to a user's
> personal data. I really don't think "grant the AllPermissions permission" is a good message, simply
> because the vast majority of users probably won't know what this means. "grant all Java permissions"
> sounds a little better, but is still a bit obscure IMO.
>
> You mention displaying the specific permissions that the application will be granted - this is a
> good idea and probably something we should look into for the future. For now however I think it's
> out of the scope of the discussion.
>

Agree here. But it will be nice to have. It will also make sense with the new policies, to know
what the app is really requesting, and so what I want it to forbid.

Thanx for discussion!

J.


