> Like it or not, JWZ considers xscreensaver to be frontline system > security. If it doesn't LOCK YOUR SCREEN, it's broken. If you don't > want to track the security updates, you are (in his mind) harming users.
If there is such a bug in xscreensaver in stable, why is the release not tagged as critical security release, and why was the issue not communicated more clearly, maybe even with a reproducer and a patch? > A version, today, over about five months old is going to have at least > one security hole: you can crash out of the password prompt (at least in > some cases) by hot swapping monitors at a critical time. CVE number? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
