From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.8) Gecko/20061107 Fedora/1.5.0.8-1.fc6 Firefox/1.5.0.8 Description of problem: Web collage is, by default, enabled if you choose the random screen saver. The web collage screen saver is, by default, configured to download random images from the web. This will naturally result in not safe for work images. Since this is a default behaviour, the default should be safe for all environments. Version-Release number of selected component (if applicable): xscreensaver-extras-5.01-5.fc6 How reproducible: Didn't try Steps to Reproduce: 1. Choose random screen saver. 2. Wait. 3. Colleague enters to discuss things. 4. Turn to computer. Actual Results: Suddenly see porn plastered over the screen. Expected Results: Some other screensaver should have been selected. Or the Web Collage screensaver should be configured to only show pictures of fluffy bunnies and kittens. Additional info:
This is not correct. See the changelog of xscreensaver. You have to once clean up your .xscreensaver file.
Also, webcollage is not enabled by default even when you choose random screensaver mode.
Re Comment 1: There is no mention of cleaning up .xscreensaver in /usr/share/doc/xscreensaver-base-5.01/README The closest mention is in 3.19, where it suggests that you might want to delete .xscreensaver to make xscreensaver-demo more pretty. In any case, as a user, I don't see why I should have to devote myself to a close study of the changelog of every package to ensure that it doesn't contain what amounts to a piece of malware. (Sure, some people might want to use Web Collage, but it goes back to the comment about default behaviour being safe for all environments.) Re Comment 2: I have checked by .xscreensaver file and there is a - in front of the WebCollage entry. However, it did still appear. It would appear to be the case that it can be enabled by default, somehow, since I did not explicitly choose it. This may be a side-effect of a series of upgrades across an old resource file. But again, default behaviour in such cases should be safe. In General: This is a usability issue. Burying warnings in changelogs and about screens is poor form. It's going to look pretty bad for Fedora the first time someone gets in serious trouble for this. Might I suggest splitting out things like web collage (and probably other screen savers that assemble random content) into a seperate NSFW package. That way, people can explicitly choose to install such things and the usability issue is solved.
As I have already said: * webcollage in 5.00-5 does not use net connection by default From rpm -q --changelog xscreensaver-base ----------------------------------------------------- * Mon Nov 06 2006 Mamoru Tasaka <mtasaka.u-tokyo.ac.jp> - 1:5.01-4 - No net connection by default for webcollage (possibly fix #214095 ?) ----------------------------------------------------- From README ----------------------------------------------------- Changes since 4.24: * `webcollage' takes a -directory option to get images from a local directory. ----------------------------------------------------- * webcollage is not enabled by default for a long time. ----------------------------------------------------- - default-n: webcollage -root \ -directory /usr/share/backgrounds/images/ \n\ - default-n: "WebCollage (whacked)" \ webcollage -root -filter \ 'vidwhacker -stdin -stdout' \ -directory /usr/share/backgrounds/images/ \n\ ------------------------------------------------------
And, as I have also already said, this appears to have been bypassed in my setup without any explicit action on my part. It would appear that existing .xscreensaver files are not altered to reflect the new settings. Since my setup had - default-n: webcollage -root \n\ - default-n: "WebCollage (whacked)" \ webcollage -root -filter 'vidwhacker \ -stdin -stdout' \n\ in it. If you have an old .xscreensaver file then the fixes you mention will not appear. This effect is quite likely, since many people will not fiddle with their .xscreensaver settings for years (my one is dated August 2005). Since the changes made in the packages do not propagate, this seems to be a pretty obvious bug. I have proposed a workaround for this problem. Also, since my understanding of the initial "-" is that it means it shouldn't appear in the random screensaver, but it did even though the - was there, there is at least the suggestion of a bug there.