A friend made me aware that for Fedora there are a number of submissions of this problem. I just link them here as reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139513 (with duplicate bugs: 139777, 149803, 140684)
Given the outcry and negative stories there, perhaps the severity of this bug needs to marked as critical? I'd hate to see someone fired or sued for installing the new official sarge release... >>While 'web collage' is a truly original screensaver based on a fun idea, >>the thing is, there are workplace environments where this could potentially >>get people fired or sued. [...] > > That's exactly why webcollage is disabled in the default xscreensaver > setup. And by 'disabled' I suppose you mean that the default setting of xscreensaver randomizer does not pick WebCollage. Is that really enough?. I'm not trying to be a moralist here; but is it really sensible to distribute a porn screensaver among the default set? You may argue that the main idea of WebCollage is not to show porn, but in reality, something like 1 out of 10 images it pulls is pornographic; so this likely is how it will appear to ordinary users. Also, a user playing around in the xscreensaver/'Gnome screensaver config' will trigger the preview of WebCollage before it is possible to read the explicit warnings in the settings dialog. The possibility of unintentional triggering of sexually explicit content in the preview box on the screen while configuring screensavers is still bad. This issue may not be as grave as "porn by default in kde", but people working for a company that supervise network usage could still potentially get fired for the actions of the WebCollage preview. Perhaps this less grave problem with xscreensaver configuration and WebCollage should be refiled as a 'minor' or 'wishlist' bug against xscreensaver. However, fixing the minor issue with xscreensaver would also fix the grave side of the issue involving kde's random screensaver. >>Also, just as a side note: another reason to avoid 'web collage' to >>be activated unintentionally is that it is a significantly higher >>security risk than any of the other screensavers, in that it might >>pull an image from the web that exploits a buffer overflow in >>the picture library. > > Actually this shouldn't be a problem, as a hack crashing doesn't make > the server crash. This argument assumes that the worst thing that can happen is the screensaver process crashing. However, an image constructed with malicious intent could let an attacker take over the WebCollage process, and ultimately give full access to the users account. //Rickard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
