Shawn Walker wrote:
> I can't account for a security model that hasn't been designed or discussed.
It is out for discussion just now on this very alias, the thread did start an hour after yours did though so I understand why you didn't have it in there initially.
http://mail.opensolaris.org/pipermail/pkg-discuss/2009-September/016977.html

There have also been several discussions about it in the past.

> Nor do I feel I'm the right person to do that.

Which is why I'm offering my help.
> Security is not the focus of this proposal; the terminology and UI presentation is.
Security has to be taken into account in everything and it is everyone's responsibility - just like performance. If you have a bad security model you end up with a bad UI. For a current example have a look at the total disaster Firefox has when you go to a page with a self-signed or otherwise unknown certificate, and the total farce we have with the supposedly more secure "Extended Validation" certs. Both are bad UI and terminology issues related to the security model.
> I'm extremely skeptical of the idea that trust models,
> signatures, etc. will have any impact on the basic presentation of these high-level concepts to users or their basic interactions with them.
As a person who has security as one of their main focuses I disagree - otherwise I wouldn't have commented. Terminology is very important for the security model to work, and the UI presentation of it is critical to whether users pay attention to it or don't see it at all.
> My personal view is that certs, key pairs, etc. should be largely invisible to most users, and as such, I'm treating them just as invisibly 8)
I agree that should be the case, however I believe the only way that is going to happen well is if it is taken into account in the design of the abstractions between publishers, repositories, streams etc. Otherwise they will become more visible because they will be special.
There is important terminology and presentation of that in the UI for signed manifests as well, and I feel that if we are having a discussion about terminology that involves words like "publishers" and the concepts of where binaries come from, we must include the manifest signing terminology in that too. Otherwise we are going to have to retrofit or change it in the near future.
-- 
Darren J Moffat

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
