Bug 220553 - Web Collage enabled in random screen saver, shows NSFW images
Web Collage enabled in random screen saver, shows NSFW images
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: xscreensaver (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mamoru TASAKA
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-21 20:25 EST by Doug Palmer
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-21 22:13:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Doug Palmer 2006-12-21 20:25:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.8) Gecko/20061107 Fedora/1.5.0.8-1.fc6 Firefox/1.5.0.8

Description of problem:
Web collage is, by default, enabled if you choose the random screen saver. The web collage screen saver is, by default, configured to download random images from the web. This will naturally result in not safe for work images.

Since this is a default behaviour, the default should be safe for all environments.



Version-Release number of selected component (if applicable):
xscreensaver-extras-5.01-5.fc6

How reproducible:
Didn't try


Steps to Reproduce:
1. Choose random screen saver.
2. Wait.
3. Colleague enters to discuss things.
4. Turn to computer.

Actual Results:
Suddenly see porn plastered over the screen.


Expected Results:
Some other screensaver should have been selected.
Or the Web Collage screensaver should be configured to only show pictures of fluffy bunnies and kittens.

Additional info:
Comment 1 Mamoru TASAKA 2006-12-21 22:13:19 EST
This is not correct.
See the changelog of xscreensaver. You have to once clean up
your .xscreensaver file.
Comment 2 Mamoru TASAKA 2006-12-22 00:05:08 EST
Also, webcollage is not enabled by default even when
you choose random screensaver mode.
Comment 3 Doug Palmer 2006-12-22 17:02:08 EST
Re Comment 1:

There is no mention of cleaning up .xscreensaver in
/usr/share/doc/xscreensaver-base-5.01/README
The closest mention is in 3.19, where it suggests that you might want to delete
.xscreensaver to make xscreensaver-demo more pretty.

In any case, as a user, I don't see why I should have to devote myself to a
close study of the changelog of every package to ensure that it doesn't contain
what amounts to a piece of malware. (Sure, some people might want to use Web
Collage, but it goes back to the comment about default behaviour being safe for
all environments.)

Re Comment 2:

I have checked by .xscreensaver file and there is a - in front of the WebCollage
entry. However, it did still appear.

It would appear to be the case that it can be enabled by default, somehow, since
I did not explicitly choose it. This may be a side-effect of a series of
upgrades across an old resource file. But again, default behaviour in such cases
should be safe.


In General:

This is a usability issue. Burying warnings in changelogs and about screens is
poor form. It's going to look pretty bad for Fedora the first time someone gets
in serious trouble for this. 

Might I suggest splitting out things like web collage (and probably other screen
savers that assemble random content) into a seperate NSFW package. That way,
people can explicitly choose to install such things and the usability issue is
solved.
Comment 4 Mamoru TASAKA 2006-12-22 21:52:29 EST
As I have already said:

* webcollage in 5.00-5 does not use net connection by default

From rpm -q --changelog xscreensaver-base
-----------------------------------------------------
* Mon Nov 06 2006 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1:5.01-4
- No net connection by default for webcollage (possibly fix #214095 ?)
-----------------------------------------------------

From README
-----------------------------------------------------
Changes since 4.24:
                      * `webcollage' takes a -directory option to get images
                        from a local directory.
-----------------------------------------------------

* webcollage is not enabled by default for a long time.
-----------------------------------------------------
- default-n:                    webcollage -root                              \
                                  -directory /usr/share/backgrounds/images/      \n\
- default-n:  "WebCollage (whacked)"                                          \
                                webcollage -root -filter                      \
                                  'vidwhacker -stdin -stdout'                 \
                                  -directory /usr/share/backgrounds/images/      \n\
------------------------------------------------------
Comment 5 Doug Palmer 2006-12-23 05:32:53 EST
And, as I have also already said, this appears to have been bypassed in my setup
without any explicit action on my part. It would appear that existing
.xscreensaver files are not altered to reflect the new settings. Since my setup had

- default-n:            webcollage -root                \n\
- default-n:  "WebCollage (whacked)"                          \
                  webcollage -root -filter 'vidwhacker        \
                  -stdin -stdout'               \n\

in it.

If you have an old .xscreensaver file then the fixes you mention will not
appear. This effect is quite likely, since many people will not fiddle with
their .xscreensaver settings for years (my one is dated August 2005).

Since the changes made in the packages do not propagate, this seems to be a
pretty obvious bug. I have proposed a workaround for this problem.

Also, since my understanding of the initial "-" is that it means it shouldn't
appear in the random screensaver, but it did even though the - was there, there
is at least the suggestion of a bug there.

Note You need to log in before you can comment on or make changes to this bug.