Bug 220553 - Web Collage enabled in random screen saver, shows NSFW images
Summary: Web Collage enabled in random screen saver, shows NSFW images
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: xscreensaver
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mamoru TASAKA
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-12-22 01:25 UTC by Doug Palmer
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-12-22 03:13:19 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Doug Palmer 2006-12-22 01:25:47 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.8) Gecko/20061107 Fedora/1.5.0.8-1.fc6 Firefox/1.5.0.8

Description of problem:
Web collage is, by default, enabled if you choose the random screen saver. The web collage screen saver is, by default, configured to download random images from the web. This will naturally result in not safe for work images.

Since this is a default behaviour, the default should be safe for all environments.



Version-Release number of selected component (if applicable):
xscreensaver-extras-5.01-5.fc6

How reproducible:
Didn't try


Steps to Reproduce:
1. Choose random screen saver.
2. Wait.
3. Colleague enters to discuss things.
4. Turn to computer.

Actual Results:
Suddenly see porn plastered over the screen.


Expected Results:
Some other screensaver should have been selected.
Or the Web Collage screensaver should be configured to only show pictures of fluffy bunnies and kittens.

Additional info:

Comment 1 Mamoru TASAKA 2006-12-22 03:13:19 UTC
This is not correct.
See the changelog of xscreensaver. You have to once clean up
your .xscreensaver file.

Comment 2 Mamoru TASAKA 2006-12-22 05:05:08 UTC
Also, webcollage is not enabled by default even when
you choose random screensaver mode.

Comment 3 Doug Palmer 2006-12-22 22:02:08 UTC
Re Comment 1:

There is no mention of cleaning up .xscreensaver in
/usr/share/doc/xscreensaver-base-5.01/README
The closest mention is in 3.19, where it suggests that you might want to delete
.xscreensaver to make xscreensaver-demo more pretty.

In any case, as a user, I don't see why I should have to devote myself to a
close study of the changelog of every package to ensure that it doesn't contain
what amounts to a piece of malware. (Sure, some people might want to use Web
Collage, but it goes back to the comment about default behaviour being safe for
all environments.)

Re Comment 2:

I have checked by .xscreensaver file and there is a - in front of the WebCollage
entry. However, it did still appear.

It would appear to be the case that it can be enabled by default, somehow, since
I did not explicitly choose it. This may be a side-effect of a series of
upgrades across an old resource file. But again, default behaviour in such cases
should be safe.


In General:

This is a usability issue. Burying warnings in changelogs and about screens is
poor form. It's going to look pretty bad for Fedora the first time someone gets
in serious trouble for this. 

Might I suggest splitting out things like web collage (and probably other screen
savers that assemble random content) into a seperate NSFW package. That way,
people can explicitly choose to install such things and the usability issue is
solved.

Comment 4 Mamoru TASAKA 2006-12-23 02:52:29 UTC
As I have already said:

* webcollage in 5.00-5 does not use net connection by default

From rpm -q --changelog xscreensaver-base
-----------------------------------------------------
* Mon Nov 06 2006 Mamoru Tasaka <mtasaka.u-tokyo.ac.jp> - 1:5.01-4
- No net connection by default for webcollage (possibly fix #214095 ?)
-----------------------------------------------------

From README
-----------------------------------------------------
Changes since 4.24:
                      * `webcollage' takes a -directory option to get images
                        from a local directory.
-----------------------------------------------------

* webcollage is not enabled by default for a long time.
-----------------------------------------------------
- default-n:                    webcollage -root                              \
                                  -directory /usr/share/backgrounds/images/      \n\
- default-n:  "WebCollage (whacked)"                                          \
                                webcollage -root -filter                      \
                                  'vidwhacker -stdin -stdout'                 \
                                  -directory /usr/share/backgrounds/images/      \n\
------------------------------------------------------

Comment 5 Doug Palmer 2006-12-23 10:32:53 UTC
And, as I have also already said, this appears to have been bypassed in my setup
without any explicit action on my part. It would appear that existing
.xscreensaver files are not altered to reflect the new settings. Since my setup had

- default-n:            webcollage -root                \n\
- default-n:  "WebCollage (whacked)"                          \
                  webcollage -root -filter 'vidwhacker        \
                  -stdin -stdout'               \n\

in it.

If you have an old .xscreensaver file then the fixes you mention will not
appear. This effect is quite likely, since many people will not fiddle with
their .xscreensaver settings for years (my one is dated August 2005).

Since the changes made in the packages do not propagate, this seems to be a
pretty obvious bug. I have proposed a workaround for this problem.

Also, since my understanding of the initial "-" is that it means it shouldn't
appear in the random screensaver, but it did even though the - was there, there
is at least the suggestion of a bug there.



Note You need to log in before you can comment on or make changes to this bug.