Package: xscreensaver
Version: 6.06+dfsg1-3+deb12u1

### Issue description

Currently (2024-05), on a "stable" installation which is up-to-date,
xscreensaver displays a message that it is too old and should be
updated.

Security-aware users might think that xscreensaver contacted upstream's
servers without any permission, possibly transmitting private
information about the user account or the user's machine as part of the
update check.

Such fears are not totally unjustified, because in fact a lot of
widely-used commercial software actually spies on the users via frequent
"update checks". It is less common in open source software, but seeing
a warning like the one displayed by xscreensaver makes privacy-aware
users nervous.

At least that's what I thought initially: "What has the world come
to! Now even trusty old xscreensaver is spying on me, too."

However, a web search quickly found a patch which disables this
warning. And in the patch's unified diff context one could see that
the warning is triggered by a clock check, not by frequently
contacting some upstream server.

Instead, the warning goes off if the xscreensaver version is older than
17 months.

In other words, it is totally harmless.

The update check does not spy on anyone, and does not endanger one's
privacy.

As I read in bug #819703, the author does not wish this warning message
to be removed.

This is acceptable.

But then the warning message should be augmented by additional
information, making it clear that this warning message has only been
triggered by comparing the system time, and not by periodically
contacting some upstream server without permission and transmitting
data about the user or his system configuration to some upstream server.

### Expected behaviour

The actual warning should be displayed as the author demands.

It does not matter how stupid this is on a distro like Debian "stable",
where time-tested versions are preferred over less-tested but more
recent versions as long as no problems are discovered.

This is what the author wants, and his wishes should be honored.

But the warning message should be patched to display *additional* text
which makes it clear that this warning is benign and not the result of
periodically accessing the Internet without permission.

The author only demands that his warning shall not be removed. He has so
far not expressed any objections against clarifying it by augmentation.

### External links

None.
