[rfc][icedtea-web] Enhanced signed app's messages
Jacob Wisor
gitne at gmx.de
Fri Dec 6 08:19:23 PST 2013
Andrew Azores schrieb:
> On 12/05/2013 04:26 AM, Jiri Vanek wrote:
>> On 12/04/2013 07:56 PM, Andrew Azores wrote:
>>> On 12/04/2013 01:34 PM, Jacob Wisor wrote:
>>>> Hello!
>>>>
>>>> Jiri Vanek wrote:
>>>> > As Andy suggested, What about this messages?
>>>> > If it will pass, I would like to push it to 1.4 too.
>>>>
>>>> > +SSigUnverified=The application's digital signature cannot be
>>>> verified. Do you
>>>> > want to run the application, and so grant to this application
>>>> unrestricted
>>>> > access to your computer?
>>>> > +SSigVerified=The application's digital signature has been
>>>> verified. Do you
>>>> > want to run the application, and so grant to this application
>>>> unrestricted
>>>> > access to your computer?
>>>> > +SSignatureError=The application's digital signature has an error.
>>>> Do you want
>>>> > to run the application, and so grant to this application
>>>> unrestricted access
>>>> > to your computer?
>>>>
>>>> Hmm, "unrestricted access" sounds scary
>>
>> considering the original email of Andy, it is exactly what it should
>> sounds like.
>> Considering the user *do* read, it can more easily understand
>> "unrestricted access" then "application is fully signed". If we wont
>> to add "run in sandbox" button soon, or list individual requested
>> permissions, then I still believe this message is a step in right
>> direction.
>>
>> I was trying to transform the message a bit, but all I got was less
>> clear, too long, or more wrong.
>>
>> So I still would like to push this messages, unless some better
>> versions appear.
>
> I'll suggest this alternate wording for your consideration:
>
> "The application's digital signature cannot be verified. Do you want to
> run the application? It will be granted unrestricted access to your
> computer."
Reads promising, but I am still uncomfortable with "unrestricted access to your
computer". Since operating systems employ multi-user access and access rights
this statement is simply not true per se. I am well aware that the average user
may not know the difference, but for better or worse todays operating systems
did get complicated. Thus, I do believe it is better to tell the user the
technical truth rather than covering it up with cloudy terms or just scaring the
user away: If you don't know it, you better not touch it. Yes indeed, for most
of life this is the motto anyone should operate under, but we got to have at
least some faith into the user's common sense. Users should rather be enabled to
understand that there are always risks involved using computers and software,
not just be scared off. Users should be given a risk ratio at hand so that
/they/ can decide whether they want to take upon this risk or not.
Long story short, I do not have a wording to suggest, but I am sure Andrew is
wise and skilled enough to come up with a good one. ;-)
Jacob
More information about the distro-pkg-dev
mailing list