-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 04/06/13 23:51, Holger Levsen wrote: >>> I agree but I thats wishlist or so. >> If it is a "wishlist" item, why did you just close it without >> any correspondence with the bug reporter rather than simply >> changing priority? > > because I mostly thought "WOW" about the ridiculousness of the > severity and labeling a feature a bug. This blew me away, > literally, so that only after a while I could see some wishlist > value in the bug. Encouraging people to make unplanned changes to their systems or normalising the idea that you just put your root password into arbitrary popups without clear details about why it's needed is not a trivial issue. Maybe you and I have ways of finding out what the popup really means, but the average user is just going to be given a poor experience. >> Popups spontaneously asking for the root password in order to >> make unidentified changes to the system? If users start putting >> in their root password for random popups, it undermines the whole >> concept of UNIX security. It won't be long before some phishing >> attack is developed that produces a Javascript popup resembling >> the root packagekit popup. >> >> I saw this again on a desktop today, it was completely >> spontaneous and wasn't triggered by the connection of a USB >> device as it is on the laptop. >> >> You haven't provided any evidence that this is in fact a feature >> - is it being tracked upstream or elsewhere? > > Frankly, I have no idea. I remember > http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html > and http://people.skolelinux.org/pere/blog/tags/isenkram/ > > And there is http://wiki.debian.org/HardwareAutodetection > >> I attach a screenshot of the offending popup. > > There you have it: packagekit, systemupdate. It runs apt-get update > + apt-get upgrade for you. So there has been a DSA (when then popup > came even though you Maybe you can deduce that from some background knowledge, but that is not explicitly written in the popup at all. > plugged nothing into the desktop). Business as usual, a sensible > default. If you dont like it, "apt-get remove gnome" is one choice, > there are others. Pick Thanks Holger, that's likely to be helpful for all those people who come across this bug - maybe they'll just "apt-get remove debian" and try something else if they feel this is the way issues are discussed within our community. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJRruAlAAoJEOm1uwJp1aqDR2kP/1W3h9WwZm5UpvXm1tu8+6VC eO2g09PqPq+l6lupuDG5+955rPg3/pQNzU8laJwq0a8OmDDUq49rrlK5WHVBo9PS Ff0FZxiQlL0oQj50QZP0UsTKVzw45n8w2TDDG87qFTpG6KQfvHy82r9kkXAfQIC9 ZhUDModHzxTOt7k/07Rb5YRothvNN9YFSIpu7oL5v8Hlv754qjO7D6LFZwy1je8J 1uizF5NlqRmKrIGWDQLCeLaMhBmkX6POorgk2/lv7mhrlnHLr1y7X7UbrXfyss78 RsU4SDHnWZewjHE1UQQD/GPGvH8/XSvEFfJUJVxqma6TGKcTY3VcO0NRsW6SzrhR etQnazE3Fg0B9jrznSe6XHSfvg0PS/brKdISCQb1GTnYFZPekcHTGmw3ydEccMkE I+26PVX8HENdbCgpd9yWwaZV/TDgNRZf3rhYXvpRVT8mDM7aEN3I10IAF3Wh7AId kKK2oOHp6mfKpkyarZmdUBoxjjzuaLxR2MwKvir3j6RvVYWb+w/NuLraFzv+v/Xz LHBeJVNSXhuIG2mwgU2XBXO2CEi8RKRA1UCvZNnY7TNu78+LNymJOTRpAesetCao EvO6rUVXJPTFJt4iaHSIKv1DxaQWHyFMJtwb+dWpXowaiudez98KQRedBNXVAcxc Ft5j8+Ql/vVGNHYXP6ml =Wmzd -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
