reassign 311683 kscreensaver thanks Le jeudi 02 juin 2005 à 20:19 +0200, R. Armiento a écrit : > Package: xscreensaver > Version: 4.21-3 > Severity: important > > The main kde package 'kde' depends on xscreensaver. Now, if I > understand this issue correctly, KDE has its own "randomization engine" > for screensavers. This makes it ignore xscreensavers settings for what > screensavers should be included in 'random screensaver' and instead > randomize over all installed screensavers (at least that is how it > seems to work per default). I *think* KDE's default setting for new > users is to randomize screensavers; but even if it isn't, it is very > easy for an experimenting user to flip this setting on, unaware of the > 'risks' of running the web collage screensaver. > > Result: without any deliberate action, a user running on a "default" debian > install of KDE runs the risk of suddenly showing pornographic images on > the screen (fetched and shown by the 'web collage' screensaver). I have > seen this happen. > > While 'web collage' is a truly original screensaver based on a fun idea, > the thing is, there are workplace environments where this could potentially > get people fired or sued. Hence, I think it is resonable to try to avoid any > accidental activation. Just like there is a fortune-off package for > potentially > offending fortunes, I suggest moving 'web collage' to a separate package > 'xscreensaver-off'.
That's exactly why webcollage is disabled in the default xscreensaver setup. > However, if the maintainer feels this is not an xscreensaver > problem, but rather an issue with kde's random screensaver > option, feel free to forward this bug report to the kde maintainers. Indeed. We (xscreensaver maintainers) are not responsible of the choices the KDE maintainers make. Their configuration deliberately uses a different setup, and there's nothing we can do about it. > Also, just as a side note: another reason to avoid 'web collage' to > be activated unintentionally is that it is a significantly higher > security risk than any of the other screensavers, in that it might > pull an image from the web that exploits a buffer overflow in > the picture library. Actually this shouldn't be a problem, as a hack crashing doesn't make the server crash. -- .''`. Josselin Mouette /\./\ : :' : [EMAIL PROTECTED] `. `' [EMAIL PROTECTED] `- Debian GNU/Linux -- The power of freedom
signature.asc
Description: This is a digitally signed message part