Re: Installer UI advices

[Graham J Lee]

On 15 Mar 2005, at 09:24, Markus Hitter wrote:

> Am 15.03.2005 um 03:23 schrieb M. Uli Kusterer:
> > Slowdowns are the least of my worries. Security is more of an issue. 
> > I don't think an application that has just been downloaded but not 
> > launched should be scanned. Otherwise it'd be the equivalent of 
> > AutoStart ... :-o
>
> There's a little difference between scanning a bundle for what it 
> contains and actually executing something. :-)
>
> You are right, this has to be done carefully to not allow execution of 
> unwanted code. You don't want to get this unknown app over there in 
> the net to be used when you double-click a commonly known document. 
> It's similar to setting the PATH variable mindfully.

Aqua currently has a dialogue saying "Opening the file will cause the 
application [...] to be launched for the first time, are you *REALLY* 
*REALLY* sure you want me to do this?" or words to that effect.  I 
think that's a good compromise between automatic availability of new 
apps and security.  So is failing to honour setuid on removable media, 
but that's an OS/FS issue :-)
--
Graham Lee                       GPG Key ID: 01D5B9D8
UNIX Systems Manager, Oxford Physics Practical Course
Coordinator, UKUUG Apple SIG 
(http://lists.ukuug.org/mailman/listinfo/apple-sig)
Technical bod, Oxford Mac Users' Group (http://www.oxmug.org)