Re: cleaning up keyrings

On Tue, 2007-08-28 at 19:08 -0400, Havoc Pennington wrote:
> A better approach, for example, would be to have selinux or signatures
> or something such that apps that come with the OS are automatically
> trusted and the dialog or other obscure procedure only arises for
> third-party apps. Then people don't get as used to just clicking "yes"
> all the time and _might_ slow down for the dialog when it really
> matters.

Certainly. Maybe add to your spec that there needs to be an easy way for
OS vendors / site / system admins to maintain a whitelist of apps that
are always allowed to access a certain types of keys without having to
nag the user. Means you need a grouping/type concept though. (And FWIW I
think path-based security is more than sufficient here.)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]