Bug 44586

Summary: Untrusted source authentication dialog needs more info
Product: PackageKit Reporter: Kevin Cameron <kevin>
Component: GeneralAssignee: Richard Hughes <richard>
Status: RESOLVED NOTABUG QA Contact:
Severity: major    
Priority: medium    
Version: unspecified   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: dialog without enough info
list of updates

Description Kevin Cameron 2012-01-08 11:30:31 UTC 
Created attachment 55305 [details]
dialog without enough info

This morning I did my usual check for updates on my Fedora 16 XFCE system.  There was a healthy list of updates and I clicked the "Install Updates" button without giving it much thought.  PackageKit then popped up a dialog with the heading "The software is not from a trusted source."  The problem is that there's no indication of what "the software" or "source" is.  There's a "Details" button but it doesn't give any useful info either.  I've attached a screenshot of the dialog.

I've seen this dialog before but I've always just ignored it.  I guess I'll have to do it again this time.  However, it's not conducive to good security.  It's possible that a trojan has gotten into my system and is about to load a bunch of malware.

The dialog should provide the following:
1) A list of the untrusted sources
2) A list of the packages that are to be loaded from those sources
3) An option to add the sources a list of trusted sources so that the warning doesn't occur again
Comment 1 Kevin Cameron 2012-01-08 11:32:51 UTC 
Created attachment 55306 [details]
list of updates
Comment 2 Kevin Cameron 2012-01-08 11:34:37 UTC 
BTW, I'm using PackageKit version 0.6.21-1.fc16
Comment 3 Richard Hughes 2018-08-21 15:53:07 UTC 
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
 
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.