On Wed, 22 Aug 2007 14:02:47 -0400 David Zeuthen davidz@redhat.com wrote:
To me, that's totally not what Colin is suggesting. In fact, there are things in his mail that actually suggests to *improve* security such as replacing, IMO, useless dialogs like "Import this GPG key: <hexnumber>" to something more useful (his proposal about timeouts). See also my other mail about asking better questions like "Import this GPG key: <hexnumber>".
I got from it that he just wants to do away with the question entirely. I'm having a hard time figuring out where you guys want to go. In one hand you say you don't want dialogs at all that ask people to think or even respond, it just does things. On the other you say as soon as you allow installing software that is outside of the repos we ship, the jig is up and we shouldn't care about any sort of security form that point on. I'm lost :(