Absolutely agreed. (The rest of this is long because I lack the time to shorten it.)
I already set Package: xscreensaver xscreensaver-* Pin: version * Pin-Priority: -10000 whenever I remember to, for more or less this reason; it's been clear for years that upstream doesn't really want to play ball and considers their having done most of the work to absolve them from concern about unexpected impact on people and processes who consume it (consider #702258). Benevolent Dictators for Life are one thing, but Apathetic Inconsiderate Dictators for Life make things dangerous to rely on. I have some empathy for their position, but that doesn't make it one that should be integrated directly into a broader context like Debian. If their strong notion of how things Should Be Done is so thoroughly incompatible with mine, then I'm going to avoid installing their software if I have an alternative. Similarly, if their strong notions are incompatible with how Debian packaging works, I see no reason not to oblige their desire for removal. I wouldn't object to a hostile fork, but it seems more trouble than it's worth, and in particular I wouldn't trust upstream not to try to sabotage this somehow. I'd rather just use a different screen locker/blanker. I currently install i3lock, which is a bit feature-weak but works for now. What _does_ potentially concern me is whether alternative lock programs nowadays handle the X side of things with enough finesse to avoid problems such as the ones JWZ described with gnome-screensaver a while ago (which seemed to have a legitimate factual basis). I haven't audited any of this more deeply; can anyone comment on the current situation along those lines? It would be good to have a solid community recommendation for anyone who wants to transition away from xscreensaver in terms of not introducing security issues in particular. ---> Drake Wilson