paulproteus
commented
8 years ago I'm going to claim this is in v2 (lower-priority) territory for now, but @neynah feel free to tell me otherwise!!
Open paulproteus opened 8 years ago
paulproteus
commented
8 years ago I'm going to claim this is in v2 (lower-priority) territory for now, but @neynah feel free to tell me otherwise!!
neynah
commented
8 years ago I agree it's lower priority. It wouldn't be hard to mock-up a de-emphasized version to see if there's an improvement.
kentonv
commented
8 years ago I'm -1 on this. Verifying software sources is important for security.
If users don't know what this is, then we should teach them, so that they can be secure. We have some explanatory text there, but if it's confusing, we should improve it so that it is not. I'm sure there's a one-liner that users will understand -- it doesn't have to explain exactly how the verification works, just that the identities are verified.
If we don't show the identities by default, then even experienced users are likely to form a habit of not checking. Having them shown makes it at least possible that a user will notice if something is fishy.
paulproteus
commented
8 years ago FWIW I think the main thing that bothers me on this page is the attention-grabbing mostly-not-useful PGP key fingerprint. It seems like you're on-board with not necessarily showing that by default, Kenton, if I understand correctly.
Nena I'm curious for your thoughts too.
kentonv
commented
8 years ago Well, I think it's essential that the fingerprint be available somewhere. I suppose it's not essential that it be visible by default, but I'm not sure how you'd hide it without increasing the awkwardness overall. I'm willing to consider ideas here, though I also wonder how much time we should be spending on this.
What if we only showed the last 32 or 64 bits (aka the key ID), but let you click to see the whole thing?
Rationale: Nearly 0 users will have any idea what this is.
Proposal: Do the same thing we do on the app details page, which is let the user click and check.
Having said that, I'm very open to other ideas.
Drew mentioned elsewhere that maybe we can de-emphasize it. @neynah is that something you want to try to provide mockups of? If so, I'm +1 on those mockups being on this issue, and leaving the issue assigned to you until you're done mocking-up, and then we can assign to me. Assign it to yourself if you're OK with that.