[rfc][icedtea-web] "Always trust content from this publisher" defaulting to checked
Jiri Vanek
jvanek at redhat.com
Wed May 21 06:45:11 UTC 2014
On 05/20/2014 08:59 PM, Andrew Azores wrote:
> On 05/20/2014 02:54 PM, Omair Majid wrote:
>> * Andrew Azores <aazores at redhat.com> [2014-05-20 14:46]:
>>> On 05/20/2014 02:28 PM, Omair Majid wrote:
>>>> * helpcrypto helpcrypto <helpcrypto at gmail.com> [2014-05-20 14:20]:
>>>>> For our company, the less users have to think/do, the better.
>>>> I think this is the right approach. If you prompt users all the time,
>>>> even for things they have trusted before, they are likely to start
>>>> accepting all prompts. It would be disastrous if they accidentally
>>>> accepted a malicious signed applet.
>>> We already prompt the users *a lot*, and we do it with defaulting to always
>>> trusting the applet in the future. Accepting a malicious applet is bad,
>>> *always* accepting it is worse...
>> It's a bug if we check the "accept-by-default" box by default for an
>> applet not signed by a trusted CA.
AFAIK this is working fine for me.
>
> I'm not saying the current behaviour is buggy, I'm just saying I don't know if I agree with the
> choice of defaulting it to always accepting for the user in the future.
>
>>
>>>>> My two cents: leave it checked.
>>>>> My two cents (2): I really don't care :P
>>>> Agreed. Let's make sensible decisions where we can, but allow users to
>>>> override them.
>>>>
>>> IMO the more sensible choice is to not, by default, assume the user will
>>> "always trust" any applet at all. If they want to always trust an applet and
>>> not ever be asked about it again, I think that should be a decision they
>>> actively make, rather than be the default that occurs if they blindly click
>>> OK until the applet appears.
>> I am not sure I understand what the new model would be. Wouldn't it be
>> prompting more and then asking them to understand something make a
>> decision (sandbox with appropriate policies vs run) that they are not
>> knowledgeable about in general to make?
>>
>> Thanks,
>> Omair
>>
>
> I think the "Run" button is obvious enough for users who are not informed about the Sandboxing
> options that they can simply choose Run and not worry about it. The new model is the same as the old
> model except without assuming that an applet being signed by a "Trusted CA" is really enough to
> decide that the user really does trust the applet to always run on their machine with full
> unrestricted access.
>
One item to think about - the run in sandbox option is for advanced users. And even more, in the state
in which it is now, it needs tuning, and sometimes even the tuning is not enough.
I'm inclining towards helpcrypto and Omair - let it be as it is.
So my 0.8 of a vote increased to 0.9... Sorry :(
J.
Yes. Users blindly click OK until they run. If they don't run, they rock us. Well, I understand your
point, let them click OK, but force them to think before the "remember" decision... But will they
really think?
Somebody said it "our bfu - less thinking, even better"
And a verified cacert should still be rock solid ;(
JJ.