[rfc][icedtea-web] "Always trust content from this publisher" defaulting to checked

Omair Majid omajid at redhat.com
Tue May 20 18:54:16 UTC 2014


* Andrew Azores <aazores at redhat.com> [2014-05-20 14:46]:
> On 05/20/2014 02:28 PM, Omair Majid wrote:
> >* helpcrypto helpcrypto <helpcrypto at gmail.com> [2014-05-20 14:20]:
> >>For our company, the less users have to think/do, the better.
> >I think this is the right approach. If you prompt users all the time,
> >even for things they have trusted before, they are likely to start
> >accepting all prompts. It would be disastrous if they accidentally
> >accepted a malicious signed applet.
> 
> We already prompt the users *a lot*, and we do it with defaulting to always
> trusting the applet in the future. Accepting a malicious applet is bad,
> *always* accepting it is worse...

It's a bug if we check the "accept-by-default" box by default for an
applet not signed by a trusted CA.

> >>My two cents: leave it checked.
> >>My two cents (2): I really don't care :P
> >Agreed. Let's make sensible decisions where we can, but allow users to
> >override them.
> >
> 
> IMO the more sensible choice is to not, by default, assume the user will
> "always trust" any applet at all. If they want to always trust an applet and
> not ever be asked about it again, I think that should be a decision they
> actively make, rather than be the default that occurs if they blindly click
> OK until the applet appears.

I am not sure I understand what the new model would be. Wouldn't it be
prompting more and then asking them to understand something and make a
decision (sandbox with appropriate policies vs run) that they are not
knowledgeable about in general to make?

Thanks,
Omair

-- 
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95  0056 F286 F14F 6648 4681


More information about the distro-pkg-dev mailing list