Le dimanche 08 mars 2009 à 21:37 +0100, Herman Robak a écrit : > On Sun, 08 Mar 2009 20:30:50 +0100, Josselin Mouette <j...@debian.org> wrote: > > And this doesn’t cope at all with the case where the SSH connection is > > not initiated from the shell. If it is initiated by gvfs because the > > user opened a nautilus window or a file on a remote share, there is no > > shell to display the prompt in. > > To be fair, that is the developer's problem, not the user's problem.
No, this is clearly the user’s problem. The user initiates a SSH connection one way or another, there is an increasing number of possible ways to initiate it, and he needs to be provided with authentication in all these cases. > > I’d say quite the contrary, since the dialog is always the same. > > Previously, you’d have different prompts depending on where the > > connection was initiated (e.g. the shell, nautilus, or seahorse). > > That sounds like a compelling argument if you think that users > use OSes, rather than applications. But users are application > minded. The whole point of having an integrated desktop environment is to let go of this obsolete way of thinking. With Debian, we ship a desktop that is ready to use, and that works as a whole, not as a group of applications. And if you really want just a collection of applications, there is the LXDE CD. > > Otherwise, if you don’t like gnome-keyring, it’s simple: don’t use it. > > Here I'll refer to the reporter's request: > "Alternatively, provide a way of de-installing > the package without de-installing half of Gnome." /usr/share/doc/gnome-keyring/README.Debian > The real message is "if you don't like gnome-keyring, don't use GNOME." > That was the consequence understood by the reporter. He left it at that. Another person doesn’t like metacity because the keyboard shortcuts are different from those in fvwm, and another doesn’t like totem because the playlist doesn’t have the same color as the XMMS one. Should we change the colors and the keyboard shortcuts because of that? > I would not have bothered you if I just disliked it. I commented because > this is the default desktop install on Debian, and I have doubts that the > new feature is as secure even to those who don't dislike it. Again, if you have serious concerns about security, I’m ready to hear about them. Currently the only reasoning I’m seeing is: “I don’t like this dialog, so there HAS to be something insecure about it.” > Since key management and passwords are all about security, the priority > has to be saving the user's butt in the very long run. I don't find it > reassuring that GNOME employs an anti-pattern like the floating parent- > less popup dialog to prompt the user for the magic word. Making it a > consistent anti-pattern just compounds the adverse effects. Such prompts > should be firmly attached to the gizmo/program that triggered them, and > the user should be taught to expect _that_. I’m not so sure about this being an anti-pattern. The tendency in security systems is to cleanly separate authentication and authorization, and this means the user will be asked for authentication from always the same service. This is conceptually what Kerberos does, for example. Anyway, this problem is far from being as simple as attaching a window to another one. Maybe you should know that making the user aware of what exactly is requiring a keyring unlock is one of upstream’s concerns, and they would probably be thrilled to see someone propose new approaches. > Honestly, I have little hopes to duke this out with the GNOMEs, so I'll > ask whom it may concern in Debian, just for the record: > > Are you concerned? I am very concerned about providing good defaults for GNOME in Debian, and I do not hesitate to go against upstream’s opinion sometimes. I can’t talk for the other team members, but you really can’t say that Debian has the reputation on jumping on all new technologies upstream likes to explore without reflexion. It’s just that I think you are picking up a wrong fight. -- .''`. Debian 5.0 "Lenny" has been released! : :' : `. `' Last night, Darth Vader came down from planet Vulcan and told `- me that if you don't install Lenny, he'd melt your brain.
signature.asc
Description: Ceci est une partie de message numériquement signée
