Mail Archives: cygwin/2007/07/16/12:18:11

X-Spam-Check-By: sourceware.org
Message-ID: <469B9A27.3090406@cs.wisc.edu>
Date: Mon, 16 Jul 2007 11:17:43 -0500
From: Louis Kruger <lpkruger AT cs DOT wisc DOT edu>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: hacked package on server
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

>
> On Mon, Jul 16, 2007 at 10:30:52AM -0500, Louis Kruger wrote:
> > I also have a complaint:  the dialog that notifies the user of the failed 
> > MD5 is not well designed.  The dialog asks "Do you want to skip the 
> > package?" and has a yes and no button.  I read it quickly and pressed no 
> > before thinking about it, the package went ahead and tried to install.  I 
> > think there should be a little more effort to restrain the user from 
> > performing a dangerous action such as installing a package with a wrong MD5.
>
> Good point.  The message should probably be
>
> Do you want to not skip the package (No/Yes)?
>
> cgf

I realize you are joking, but the wording of the message is beside the 
point.  For an ordinary end-user, installing a file with a wrong MD5 is 
the wrong (and dangerous) thing to do in just about any case I can think 
of.  Therefore it should not be equally easy to select either option.

My opinion is that the setup program should abort immediately on 
detecting a wrong MD5 with a message that the server may have been 
compromised.  If there is a special case where someone may actually want 
this, it should be something non-obvious, like a -allow-wrong-md5 flag 
to the setup program.

thanks,
Louis

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
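
The fail-closed behaviour proposed in the message above, as an added Python sketch that is not part of the original e-mail or of Cygwin's setup program: a digest mismatch aborts with no prompt, and only the `-allow-wrong-md5` flag the message suggests lets the install continue. The tool name `setup-sketch`, the function names and the outcome strings are assumptions made for illustration.

```python
import argparse
import hashlib
import sys


class DigestMismatch(Exception):
    """The downloaded file does not match the digest in the manifest."""


def md5_of(path, chunk_size=65536):
    # Stream the file so large packages are not read into memory at once.
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_package(path, expected_md5, allow_wrong_md5=False):
    """Return "verified" or "overridden"; raise DigestMismatch by default."""
    actual = md5_of(path)
    if actual == expected_md5.strip().lower():
        return "verified"
    if allow_wrong_md5:
        # Only reachable through the explicit command-line opt-in.
        return "overridden"
    raise DigestMismatch(
        f"{path}: MD5 is {actual}, manifest says {expected_md5.strip()}; "
        "the server may have been compromised"
    )


def main(argv):
    parser = argparse.ArgumentParser(prog="setup-sketch")  # hypothetical tool name
    # Flag name taken from the message; hidden from --help so it stays non-obvious.
    parser.add_argument("-allow-wrong-md5", dest="allow_wrong_md5",
                        action="store_true", help=argparse.SUPPRESS)
    parser.add_argument("package")
    parser.add_argument("expected_md5")
    args = parser.parse_args(argv)
    try:
        outcome = check_package(args.package, args.expected_md5, args.allow_wrong_md5)
    except DigestMismatch as err:
        print(f"ABORTED: {err}", file=sys.stderr)  # no yes/no prompt on this path
        return 1
    print(f"{args.package}: {outcome}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The mismatch path returns a non-zero exit status, so a calling script stops as well instead of carrying on with an unverified package.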
