On Fri, Sep 14, 2012 at 11:02:00 +0100, Simon McVittie wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > The ioquake3 engine has an option to auto-download missing maps, mods etc. > (PK3 files) from multiplayer servers. It is off by default, but many users > and mod communities encourage switching it on, since it makes playing on > modified or updated multiplayer servers considerably more straightforward. > Switching it on is a security risk, because PK3 files can also contain > executable bytecode: it's executed in a sandbox, but that sandbox is > unlikely to be perfect. > > In tremulous, an old fork of ioquake3 which hadn't had the benefit of some > more recent ioquake3 work on hardening the sandbox environment, I turned off > auto-downloading entirely. > > When I suggested[1] doing the same to ioquake3, which would affect openarena > in main and quake3 in contrib), unanimous feedback from users and the Games > Team was that they would prefer an "are you sure?" prompt when > auto-downloading > was enabled. This moves the change from ioquake3 to openarena, since it's > openarena that provides the user interface. > Is the rest of the user interface generally translated? I might be willing to accept this patch, but not if it means regressing l10n.
Cheers, Julien
signature.asc
Description: Digital signature