Thunderbolt shouldn't ask to automatically authorize devices
[gnome-shell 3.30.1 on Ubuntu 18.10]
When I plug in a Thunderbolt device the whole screen is interrupted and there is a centered Window to enter my password to authorize a device. If I choose not to authorize it and plug it in again I receive the same popup until I decide to authorize the device.
There's a few things that I see wrong with this flow.
- It interrupts whatever you're doing from plugging in a device.
- If you don't trust a device plugged in it happens every time.
- You don't get any information about what device you're actually trying to authorize.
Here's a real world example that I don't think it's a very far fetched. You work in a corporation and visit a desk with a Thunderbolt dock that you don't normally sit at. You have no proof whether this dock has been tampered with. You have a notebook that only accepts power over USB-C. You plug in the dock to get power to charge (which don't need Thunderbolt authorization) but you don't use any other functionality on the dock. There is absolutely no need to authorize the dock in this situation but you will be prompted every time you connect it.
So I think a better flow would be to:
- When a Thunderbolt device is plugged in check if bolt knows about it.
- If bolt doesn't know about it produce a
GNotification
that would open up the Thunderbolt panel from Gnome Control Center when clicked.
Users can then see all the details about the device they're about to authorize in the Thunderbolt panel. It seems feasible that you could even put a "Ignore device" button that would prevent plugging in that device from causing future GNotification events even.
CC @gicmo