This is not correct.
See the changelog of xscreensaver. You have to once clean up
your .xscreensaver file.

Also, webcollage is not enabled by default even when
you choose random screensaver mode.

Re Comment 1:

There is no mention of cleaning up .xscreensaver in
/usr/share/doc/xscreensaver-base-5.01/README
The closest mention is in 3.19, where it suggests that you might want to delete
.xscreensaver to make xscreensaver-demo more pretty.

In any case, as a user, I don't see why I should have to devote myself to a
close study of the changelog of every package to ensure that it doesn't contain
what amounts to a piece of malware. (Sure, some people might want to use Web
Collage, but it goes back to the comment about default behaviour being safe for
all environments.)

Re Comment 2:

I have checked by .xscreensaver file and there is a - in front of the WebCollage
entry. However, it did still appear.

It would appear to be the case that it can be enabled by default, somehow, since
I did not explicitly choose it. This may be a side-effect of a series of
upgrades across an old resource file. But again, default behaviour in such cases
should be safe.


In General:

This is a usability issue. Burying warnings in changelogs and about screens is
poor form. It's going to look pretty bad for Fedora the first time someone gets
in serious trouble for this. 

Might I suggest splitting out things like web collage (and probably other screen
savers that assemble random content) into a seperate NSFW package. That way,
people can explicitly choose to install such things and the usability issue is
solved.

As I have already said:

* webcollage in 5.00-5 does not use net connection by default

From rpm -q --changelog xscreensaver-base
-----------------------------------------------------
* Mon Nov 06 2006 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1:5.01-4
- No net connection by default for webcollage (possibly fix #214095 ?)
-----------------------------------------------------

From README
-----------------------------------------------------
Changes since 4.24:
                      * `webcollage' takes a -directory option to get images
                        from a local directory.
-----------------------------------------------------

* webcollage is not enabled by default for a long time.
-----------------------------------------------------
- default-n:                    webcollage -root                              \
                                  -directory /usr/share/backgrounds/images/      \n\
- default-n:  "WebCollage (whacked)"                                          \
                                webcollage -root -filter                      \
                                  'vidwhacker -stdin -stdout'                 \
                                  -directory /usr/share/backgrounds/images/      \n\
------------------------------------------------------

And, as I have also already said, this appears to have been bypassed in my setup
without any explicit action on my part. It would appear that existing
.xscreensaver files are not altered to reflect the new settings. Since my setup had

- default-n:            webcollage -root                \n\
- default-n:  "WebCollage (whacked)"                          \
                  webcollage -root -filter 'vidwhacker        \
                  -stdin -stdout'               \n\

in it.

If you have an old .xscreensaver file then the fixes you mention will not
appear. This effect is quite likely, since many people will not fiddle with
their .xscreensaver settings for years (my one is dated August 2005).

Since the changes made in the packages do not propagate, this seems to be a
pretty obvious bug. I have proposed a workaround for this problem.

Also, since my understanding of the initial "-" is that it means it shouldn't
appear in the random screensaver, but it did even though the - was there, there
is at least the suggestion of a bug there.