Hi dirdi, You are right. Would you simply add a notice in the man page by forwarding to the upstream bug URL? Or would you totally remove the option from the man page? I am more tempted in doing the former. What do you think?
Regards, On Mon, Jan 06, 2020 at 04:29:09AM +0100, dirdi wrote: > Package: i3lock-fancy > Version: 0.0~git20160228.0.0fcb933-2 > Followup-For: Bug #934444 > > I suggest to at least patch the man page and document the actual behavior, > since not forking might have severe security implications: E.g. consider the > following shell script which is supposed to lock the screen and wipe all > identities from the SSH agent: > > > #! /bin/sh > > i3lock-fancy > > ssh-add -d > > Instead of wiping those identities instantly they will not be wiped > before i3lock-fancy exits (i.e. screen being unlocked). -- Simon Désaulniers sim.desaulni...@gmail.com
signature.asc
Description: PGP signature
