Showing the GPG key

I didn't like writing this UI, but to get PackageKit into a couple of distros we need to be able to do a GPG handshake when we install a new repo. I'm questioning whether this is indeed a security measure, but for now I'll run with it.

GPG Check UI

The following UI will be shown when you try to install an external repo like livna or freshrpms after you've installed the foo-release RPM.

Does this make sense to people? It's designed for users who know what installing a new repository means, rather than new users who are just using the distro-supplied repos.

Rob Norwood is the dude working on the daemon code, and it's about half done I guess. Lots of code is flowing into git every day now.

Comments/flames as replies to the blog please. There's no anonymous posting as spammers like me too much. Thanks.

One response to “Showing the GPG key”

  1. Anonymous

    You'll need to include a key signature in the dialog if it's to have any security advantage at all. Everything else can be forged. Users should be instructed to compare the key fingerprint and IGNORE the other information. Otherwise you may as well get rid of the dialog completely, as it will actually make the security worse.
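The comment's point about fingerprints, as an added example (not part of the original post and not PackageKit code): an OpenPGP v4 fingerprint is computed only from the public-key packet, so two keys can carry identical names and e-mail addresses and still be told apart by fingerprint. The key material, user IDs and timestamp below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def fingerprint(key_body: bytes) -> str:
    """V4 fingerprint (RFC 4880, section 12.2): SHA-1 of 0x99, length, body."""
    framed = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    return hashlib.sha1(framed).hexdigest().upper()

def key_matches(key_body: bytes, expected: str) -> bool:
    """Compare against a fingerprint obtained out of band; spacing and case ignored."""
    wanted = "".join(expected.split()).upper()
    return hmac.compare_digest(fingerprint(key_body), wanted)

# Constructed sample data: these numbers are not real RSA moduli or real keys.
CREATED = 1190000000
PUBLISHER_KEY = rsa_key_body(CREATED, (1 << 2047) + 0x1234567, 65537)
IMPOSTOR_KEY = rsa_key_body(CREATED, (1 << 2047) + 0x7654321, 65537)

# The user ID is a separate packet that anyone can set to any string,
# and it is not part of the hashed data above.
PUBLISHER_UID = "Example Repo <packages@repo.example>"
IMPOSTOR_UID = "Example Repo <packages@repo.example>"

# Fingerprint as the repository owner would publish it (grouped in fours).
_fpr = fingerprint(PUBLISHER_KEY)
EXPECTED = " ".join(_fpr[i:i + 4] for i in range(0, 40, 4))

if __name__ == "__main__":
    for uid, key in ((PUBLISHER_UID, PUBLISHER_KEY), (IMPOSTOR_UID, IMPOSTOR_KEY)):
        verdict = "match" if key_matches(key, EXPECTED) else "MISMATCH"
        print(uid, fingerprint(key), verdict)
```

Both rows print the same user ID; only the fingerprint column separates the publisher's key from the other one.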
