using 12345678 in ppa examples is a security risk
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | New | Undecided | Unassigned |
Bug Description
The popup help on the PPA page says
> Step 2: Open your terminal and enter:
>
> sudo apt-key adv --keyserver keyserver.
>
> Replace 12345678 with the key id you copied in step 1.
Users never read instructions and are therefore likely to copy and paste the whole command. This will result in them trusting key 12345678, which does exist and is owned by some random person, not necessarily trustworthy. Why not just use the real ID, or show the real command inline in the page?
It's possible to apt-key remove it but people may not know how.
Also, the dialog explaining the instructions appears in the perfect place to obscure the data you need to have to use it. Please put it in a real browser window instead.
Also, the close button for this help window is just a little dot with no text.
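
A check for the situation described above, as an added example that is not part of the original bug report or of Launchpad's code: it scans a GnuPG colon-format key listing for any key whose short ID equals the documentation placeholder. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keys in a keyring listing whose short (8-hex-digit)
# key ID matches a placeholder such as 12345678.
# Input format: GnuPG machine-readable output (gpg --with-colons --list-keys),
# where field 1 is the record type and field 5 of a "pub" record is the
# 16-hex-digit long key ID. The short ID is its last 8 hex digits.

find_placeholder_keys() {
    # $1    = short key ID to look for (case-insensitive)
    # stdin = colon-format key listing
    # Prints the long key ID of every primary key that matches.
    awk -F: -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        $1 == "pub" {
            id = toupper($5)
            if (length(id) >= 8 && substr(id, length(id) - 7) == want)
                print id
        }'
}

# Constructed sample listing (these are not real keys).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AAAA000012345678:1300000000:::-:::scESC::::::23::0:
uid:-::::1300000000::0000::Constructed Example One::::::::::0:
pub:-:4096:1:BBBB1111CAFEF00D:1300000000:::-:::scESC::::::23::0:
uid:-::::1300000000::0000::Constructed Example Two::::::::::0:
EOF
}

# Demo on the constructed listing; prints AAAA000012345678.
# On a real system, pipe the keyring listing in instead, for example
# (assumption: apt-key passes these options through to gpg):
#   apt-key adv --list-keys --with-colons | find_placeholder_keys 12345678
sample_listing | find_placeholder_keys 12345678
```

Any long key ID it prints belongs to a key that was trusted under the placeholder's short ID and should be reviewed and removed from the keyring.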