Authentication dialog doesn't make sense when purchasing

Bug #631619 reported by Matthew Paul Thomas on 2010-09-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone
aptdaemon (Ubuntu)
software-center (Ubuntu)

Bug Description

Binary package hint: software-center

software-center trunk r1116, Ubuntu Maverick

1. Navigate to Fluendo DVD Player, and choose "Buy".
2. Sign in.
3. Fill out the payment form.
4. Confirm the payment.

What happens: An authentication dialog appears: "To change software repository settings, you need to authenticate."

I wrote that string, but I was expecting it to appear only when you are mucking around in Software Sources. I was not expecting it to appear in this context.

What should happen: either
* the dialog should not appear at all; or
* the dialog should have custom text for this situation, e.g. "To install purchased software, you need to authenticate."

Perhaps there could be a custom privilege in aptdaemon that encompasses both adding a purchase repository, and installing the purchased software.

Sebastian Heinlein (glatzor) wrote :

The dialog has to appear, since we cannot allow applications to blindly change the software repositories.

You could add a custom privilege by a distro patch and allow it as an alternative to change-repository and install-or-remove-packages - similiar to the current single-auth patch. But the client would have to ask for authentication before launching the transaction, since the daemon doesn't know if the client wants to perform a purchase or not.

Would be "To install packages from new sources, you have to authenticate" an alternative?

Matthew Paul Thomas (mpt) wrote :

That wording would be a *little* better for this situation, because it refers to installing at all -- but "new sources" would still be a bit of a non-sequitur. And I think it would be worse for the case where you are making changes in Software Sources, because it would suggest that you're about to accidentally install new stuff when you aren't.

I wish this could be fixed with just a wording change, but I don't think it can be.

Changed in aptdaemon (Ubuntu):
status: New → In Progress
Sebastian Heinlein (glatzor) wrote :

The client (software-center) would have to request the privilege from PolicyKit (aptdaemon.policykit1.check_authorization_by_name), since the daemon doesn't know if you want to purchase software or only wan to enable a repository. The granted privileges are cached for several minutes. If the daemon sees that the install-from-new-source or install-purchased privillege has been already granted it justs starts the transaction silently. So you (or software-center) can choose which privilege should be used.

A generic install-from-new-source privilege could be a better alternative to our current one-auth patch to cover adding and iinstalling from e.g PPAs using an apturl.

Moreover I would also accept an additional install-purchased-software privilege upstream.

Michael Vogt (mvo) on 2010-09-09
Changed in software-center (Ubuntu):
status: New → In Progress
Changed in aptdaemon (Ubuntu):
status: In Progress → Fix Committed
Changed in aptdaemon (Ubuntu):
status: Fix Committed → Fix Released
Matthew Paul Thomas (mpt) wrote :

Thanks so much, Sebastian, it looks great now. Tested in

Changed in software-center (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers