Source: budgie-desktop
Version: 10.9.2-6
Severity: important
Tags: trixie sid security
Control: block 895477 by -1
X-Debbugs-Cc: gnome-screensa...@packages.debian.org, t...@security.debian.org

budgie-core Depends on gnome-screensaver, and src:budgie-desktop Build-Depends on it. gnome-screensaver is the unmaintained GNOME 2 screensaver (see #895477), and was superseded by GNOME Shell's integrated lock screen in about 2010.

Does Budgie really use the unmaintained GNOME 2 screensaver? I thought it had an integrated lock screen, like GNOME Shell and Cinnamon do?

If Budgie doesn't actually use gnome-screensaver, please remove the dependency in the packaging, so that gnome-screensaver can be removed from Debian.

If Budgie *does* use gnome-screensaver, that seems like a problem - a screensaver is a security-sensitive component, and gnome-screensaver has no upstream maintainer, so any security vulnerabilities in it will not be fixed. Budgie should use a maintained screensaver, either by the Budgie project forking gnome-screensaver as a Budgie component and becoming its new upstream maintainer, or by using some other codebase (like perhaps xscreensaver).

Thanks,
smcv