Bug#501812: gnome-keyring: Disable graphical dialog when interacting with a shell

Herman Robak herman at skolelinux.no
Sun Mar 8 20:37:19 UTC 2009 

On Sun, 08 Mar 2009 20:30:50 +0100, Josselin Mouette <joss at debian.org> wrote:

> Le dimanche 08 mars 2009 à 19:52 +0100, Herman Robak a écrit :
>> > I have seen what happens when they don’t steal the focus, and believe
>> > me, you don’t want that. That, being typing your passphrase in the wrong
>> > window.
>>
>>  Simple solution: No dialog.  After all, ssh manages to present a
>> prompt in the shell, where it is expected.
>
> And this doesn’t cope at all with the case where the SSH connection is
> not initiated from the shell. If it is initiated by gvfs because the
> user opened a nautilus window or a file on a remote share, there is no
> shell to display the prompt in.

To be fair, that is the developer's problem, not the user's problem. 


>> What is the problem with that?  People have confirmation bias.  If
>> more things happen surprisingly and out of context, they accept that
>> as they get used to it.  That makes both malicious spoofing and
>> accidential misfiling more likely.
>
> I’d say quite the contrary, since the dialog is always the same.
> Previously, you’d have different prompts depending on where the
> connection was initiated (e.g. the shell, nautilus, or seahorse).

 That sounds like a compelling argument if you think that users 
use OSes, rather than applications.  But users are application 
minded.


> Otherwise, if you don’t like gnome-keyring, it’s simple: don’t use it.

Here I'll refer to the reporter's request:
"Alternatively, provide a way of de-installing 
the package without de-installing half of Gnome."

The real message is "if you don't like gnome-keyring, don't use GNOME."
That was the consequence understood by the reporter.  He left it at that.

I would not have bothered you if I just disliked it.  I commented because 
this is the default desktop install on Debian, and I have doubts that the 
new feature is as secure even to those who don't dislike it. 

Since key management and passwords are all about security, the priority 
has to be saving the user's butt in the very long run.  I don't find it 
reassuring that GNOME employs an anti-pattern like the floating parent-
less popup dialog to prompt the user for the magic word.  Making it a 
consistent anti-pattern just compounds the adverse effects.  Such prompts 
should be firmly attached to the gizmo/program that triggered them, and 
the user should be taught to expect _that_.

Honestly, I have little hopes to duke this out with the GNOMEs, so I'll 
ask whom it may concern in Debian, just for the record: 

Are you concerned? 

-- 
Herman Robak

More information about the pkg-gnome-maintainers mailing list