Bug#501812: gnome-keyring: Disable graphical dialog when interacting with a shell

Josselin Mouette joss at debian.org
Sun Mar 8 23:40:57 UTC 2009


On Sunday 08 March 2009 at 21:37 +0100, Herman Robak wrote:
> On Sun, 08 Mar 2009 20:30:50 +0100, Josselin Mouette <joss at debian.org> wrote:
> > And this doesn’t cope at all with the case where the SSH connection is
> > not initiated from the shell. If it is initiated by gvfs because the
> > user opened a nautilus window or a file on a remote share, there is no
> > shell to display the prompt in.
> 
> To be fair, that is the developer's problem, not the user's problem. 

No, this is clearly the user’s problem. The user initiates an SSH
connection one way or another, there is an increasing number of possible
ways to initiate it, and he needs to be provided with authentication in
all these cases.

> > I’d say quite the contrary, since the dialog is always the same.
> > Previously, you’d have different prompts depending on where the
> > connection was initiated (e.g. the shell, nautilus, or seahorse).
> 
>  That sounds like a compelling argument if you think that users 
> use OSes, rather than applications.  But users are application 
> minded.

The whole point of having an integrated desktop environment is to let go
of this obsolete way of thinking. With Debian, we ship a desktop that is
ready to use, and that works as a whole, not as a group of applications.
And if you really want just a collection of applications, there is the
LXDE CD.

> > Otherwise, if you don’t like gnome-keyring, it’s simple: don’t use it.
> 
> Here I'll refer to the reporter's request:
> "Alternatively, provide a way of de-installing 
> the package without de-installing half of Gnome."

/usr/share/doc/gnome-keyring/README.Debian

> The real message is "if you don't like gnome-keyring, don't use GNOME."
> That was the consequence understood by the reporter.  He left it at that.

Another person doesn’t like metacity because the keyboard shortcuts are
different from those in fvwm, and another doesn’t like totem because the
playlist doesn’t have the same color as the XMMS one. Should we change
the colors and the keyboard shortcuts because of that?

> I would not have bothered you if I just disliked it.  I commented because 
> this is the default desktop install on Debian, and I have doubts that the 
> new feature is as secure even to those who don't dislike it. 

Again, if you have serious concerns about security, I’m ready to hear
about them. Currently the only reasoning I’m seeing is: “I don’t like
this dialog, so there HAS to be something insecure about it.”

> Since key management and passwords are all about security, the priority 
> has to be saving the user's butt in the very long run.  I don't find it 
> reassuring that GNOME employs an anti-pattern like the floating parent-
> less popup dialog to prompt the user for the magic word.  Making it a 
> consistent anti-pattern just compounds the adverse effects.  Such prompts 
> should be firmly attached to the gizmo/program that triggered them, and 
> the user should be taught to expect _that_.

I’m not so sure about this being an anti-pattern. The tendency in
security systems is to cleanly separate authentication and
authorization, and this means the user will be asked for authentication
always from the same service. This is conceptually what Kerberos does,
for example.

Anyway, this problem is far from being as simple as attaching a window
to another one. Maybe you should know that making the user aware of what
exactly is requiring a keyring unlock is one of upstream’s concerns, and
they would probably be thrilled to see someone propose new approaches.

> Honestly, I have little hopes to duke this out with the GNOMEs, so I'll 
> ask whom it may concern in Debian, just for the record: 
> 
> Are you concerned? 

I am very concerned about providing good defaults for GNOME in Debian,
and I do not hesitate to go against upstream’s opinion sometimes. I
can’t talk for the other team members, but you really can’t say that
Debian has the reputation of jumping on all new technologies upstream
likes to explore without reflection.

It’s just that I think you are picking the wrong fight.

-- 
 .''`.      Debian 5.0 "Lenny" has been released!
: :' :
`. `'   Last night, Darth Vader came down from planet Vulcan and told
  `-    me that if you don't install Lenny, he'd melt your brain.