updates on unsigned AppImage don't look like they finish #173

Open
JulianGro opened this issue May 16, 2021 · 4 comments

@JulianGro

When updating an unsigned AppImage the loading bar turns yellow and there is a message about a "problem". At least to me this makes it seem like it failed to update. Even if the user understands that it is just a warning, it doesn't look very good to an end user.

I suggest moving the warning about unsigned AppImages into the "Details" section, removing it from the "main" window and not coloring the bar yellow.
I would also suggest changing the "100%" in the loading bar to "Update finished!" and also adding a similar message to the Details section to make it more obvious that the update actually completed. Maybe also changing the "Close" button to a "Finish" button once the update is complete.

Signing AppImage is currently a bit controversial, so an unsigned AppImage should be just as user friendly as a signed one.

@probonopd
Member

probonopd commented May 16, 2021

> Signing AppImage is currently a bit controversial

What exactly do you mean by "controversial"?

But I tend to agree, the lack of a signature should not be seen as a "problem". A compromised signature should, imho.

Maybe we could leave the bar just in its native color for unsigned AppImages, and make it green for signed AppImages if the signature verification succeeds.

@JulianGro
Author

> Maybe we could leave the bar just in its native color for unsigned AppImages, and make it green for signed AppImages if the signature verification succeeds.

I like that. Honestly I always thought it looked pretty crappy using a custom color on the loading bar, since it makes it look so unlike the rest of the system.

@Morganlej

Also, it could tell the user that they now have both the old version and the newly added one
(which seems to be the result currently, and I think that is OK.
The new version is not made executable; good or not I can't tell, it depends on the use case).

@axelsimon

> But I tend to agree, the lack of a signature should not be seen as a "problem". A compromised signature should, imho.

If signing software packages is controversial for the AppImage community, then that pretty much guarantees that AppImage will remain a hobbyist tool. Signing software is a necessity and the number of software supply chain attacks is a sad reminder of it.

That being said, if an AppImage isn't signed, then the user should be made aware of that fact, as they have no guarantee that they are about to run what they think they are about to run. That yellow bar is clearly not the right approach, as it conveys that the whole process has failed, which isn't the case. But the tool needs to make the following three cases clear:

  • the signature was successfully verified (green?)
  • there was no signature to verify (gray? no filling of the loading bar?)
  • the signature was checked but failed to verify (something is wrong) (red?)

They are in order of best to worst case.
