Red Hat Bugzilla – Bug 439229
polkit-grant-helper dialog is scary/confusing
Last modified: 2013-03-05 22:55:11 EST
I tried to install a package with PackageKit, and got a dialog saying I needed
to enter my root password. Underneath the password entry was a checkbox for
"Remember this authorization".
99.44% of the time, when there is a password entry and a "Remember..." checkbox
under it, it means "remember this password". This is really scary in the context
of a password entry where you're typing your root password.
Because I know the theory behind PolicyKit (and because I know that the
developers are not insane), I know it's not *really* going to store my root
password in plaintext in a file somewhere. But it really seems to be suggesting
that that's what's going to happen.
I'd suggest something like "[X] Allow user danw to perform this operation
without additional authorization in the future" or something. (Actually, if you
can get a context-specific message ["Allow user danw to install packages..."]
that's infinitely better.) Something that makes it clear that it's not
remembering the password, it's removing the need for it.
This is an interesting observation; technically it's still correct, I think,
since an authorization per se has nothing to do with the password. Then again,
many people don't differentiate between authentication and authorization.
But your suggestion about making it more concrete is a good one; the less
confusion the better. I'll see what I can do; will post progress here.
Another thing I want to add is a gconf key to control whether the remember
checkboxes are automatically selected when the authentication dialog comes up.
Right now they're always selected because that's the reasonable thing to do.
However lots of people complain about this behavior
FWIW, I'm thinking of a plug-in system for PolicyKit so policy providers can
provide code that participates in how the UI is going to look. This is going to
be important once we add object support (e.g. going from "can process $PID do
$ACTION on behalf of user $USER" to "can process $PID do $ACTION on $OBJECT on
behalf of user $USER"); some feature that is really needed for more advanced
applications of PolicyKit. Think of objects as disks (for g-d-u), network
connections (for NM), folders (for Nautilus).
Anyway, with such a plug-in system then PackageKit could ship a tiny plug-in
that generates the strings used in the authentication UI.
Something to think about.
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
"Right now they're always selected because that's the reasonable thing to do.
However lots of people complain about this behavior"
I would like to complain as well. :-)
When updating my system I do not want my password/authorization remembered,
therefore EVERY time I have to untick the remember authorization box.
In my opinion this is the worst of the available options.
Best: Remember not selected
Then most users can type their password in 1 - 2 seconds, hit return, and not be
too bothered by the inconvenience
Median: Remember & For this session only
I expect that this is a rare user choice, therefore not #1. If you think you
will be performing this action several times during this session then you can
take the 2-4 seconds to grab the mouse and click the boxes with the peace of
mind of knowing that your choice is temporary.
Worst: Remember selected
If you want to give up the protection of requiring authorization for this action
for ever more then you can spend 3 seconds ticking this box ONCE and never see
Thanks for listening ;-)
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '9'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 9's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 9 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.