[Synaptic-devel] Could Synaptic be used to controll the PGP-keys?

[Ari Torhamo]

Thank you Sebastian and Panu for your answers. Recieving answers like
yours makes me think that those who fight against free software don't
have a chance :-) 


> I know this story may seem silly and not so usefull from a developers 
> > point of view. But maybe it can serve as a small example of how one
> > trivial thing can be a major obstacle for someone new to a program (and
> > Linux).
> > 
> > Cheers,
> > Ari
> > 
> No, stories like yours point us to usability problems. So they are
> indeed quite important to developers.
                [Sebastian]

> It's been a few days since I was told here how to create a repository in
> > Synaptic of a local directory (thank you Michael Vogt and others). Now I
> > have had time to try this, and I did succeed in creating one :-) It took
> > me about two hours to accomplish - stop laughing... all of you... NOW! 
> 
> There's nothing to laugh about when a feature is so abysmally documented
> as creation and use of local repositories is - the only docs I'm aware
> of are the LWN-article Michael mentioned and various mailing list
> archives :(
>               [Panu]


I noticed yesterday that I wasn't using the latest version of Synaptic
(I had 0.51 instead of 0.52). I wanted to upgrade, if not for any other
reason, but to be better able to follow those lively discussions
conserning changes made to the user interface lately :-) I begun the
upgrade and after clicking "Apply", Synaptic showd the progress meter
and was doing "something". But when I afterwards happend to check the
version number, it was still 0.51. I experimented a while with this, but
could not get Synaptic upgraded. Then I noticed that the same happends
with some other packages too, but not with all of them.

I decided to try to use Apt to do the upgrade. I did "apt-get upgrade
synaptic" (I don't know if this was correct) and Apt listed a lot of
lines, almost everyone of which included a message of a missing PGP-key.

At this phase I started to get weak signals from the dark depths of my
memory. I began to remember that a thing called PGP-key may have played
some part even in my own Fedora installation months ago in the spring. I
had noticed letters "dag" in the errorlines I got from Apt. After some
brainwork, night time and instructions from the DAG website I had set in
a PGP-key from DAG and got Synaptic upgraded. It wasn't until this I
rememberd that I always used to get an error message in Synaptic,
apparently concerning this matter, when refreshing the package list. The
message did mention the word "PGP" and maybe "headers", but I had
learned to ignore this message because everything seemd (deceptively) to
work like normal and I didn't understand what the message was really
about.

All this made me think that wouldn't it be natural to use Synaptic to
control the PGP-keys. If you have to have a PGP-key to be able to use a
repository, wouldn't it be obvious to use the same tool to install it,
as you use to set the repository? In a simple form this could be just a
one more text field below the "Section(s)"-field in the
"Repositories"-window. Or there could be a "PGP-key"-button, which would
open a setting window for the key to be fed in (maybe an import tool too
to import a text file?). And of course an in-depth instruction for all
the newbies there :-) I don't know of course, how much work it would
take "under the hood" to implement this.

        Ari

P.S. Why do my messages always end up to be so long? I'm propably
actually begining to slow down the entire progress of Synaptic
developement, when developers spend large part of their time just wading
through my messages :-)