On 8/22/07, Jesse Keating <jkeating(a)redhat.com> wrote:
On Wed, 22 Aug 2007 10:18:52 -0400
"Owen Taylor" <otaylor(a)redhat.com> wrote:
> I have a *strong* opinion here that it's *never*, *ever* right to ask
> the user a question when installing or removing a package. A question
> is going to be of the form:
>
> A) This operation may trash your system [detail that the user doesn't
> understand removed]. Proceed?
>
> B) The package that you are installing might be created by an evil
> haxor and do bad things [details that the user doesn't understand
> removed]. Proceed?
For me it's not asking the users these questions, it's asking the user
for their password to proceed (with a timeout). OSX does this, and we
seem to base a lot of our "good usability" on what they do. If a
friend wants to just look at their web mail, why should they switch
users to a guest account? Why can't I just hand them the laptop and
let them use the already running browser? If something popped up to
install software I don't want them to be able to just have it happen, I
want the password prompt to show up so that if they aren't me, or
weren't me that provided a password in the last 5 minutes, I don't want
them to be able to do it. I don't think this is unreasonable as a
default everywhere. It's just like we made the local user(s) sudo
enabled and rely upon that sudo mechanism to accomplish system level
tasks.
The other half of this is it should not just be the users password
that is acceptable. We need to make sure an admin can sit down at a
machine and perform these operations without mucking around with
profiles or switch terminals. This functionality is becoming more and
more necessary, where children have a restricted desktop. We want to
make it very easy for parents (admins) to install a new game for their
kids in a straight forward manner.