Debian Bug report logs - #311683
xscreensaver: under some circumstances KDE screensaver can show porn

version graph

Package: kscreensaver-xsavers; Maintainer for kscreensaver-xsavers is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Source for kscreensaver-xsavers is src:kdeartwork.

Reported by: "R. Armiento" <reply-debian-05@armiento.net>

Date: Thu, 2 Jun 2005 18:33:01 UTC

Severity: important

Tags: confirmed

Merged with 316900

Fixed in version kdeartwork/4:3.4.2-1

Done: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Ralf Hildebrandt <ralf.hildebrandt@charite.de>:
Bug#311683; Package xscreensaver. Full text and rfc822 format available.

Acknowledgement sent to "R. Armiento" <reply-debian-05@armiento.net>:
New Bug report received and forwarded. Copy sent to Ralf Hildebrandt <ralf.hildebrandt@charite.de>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "R. Armiento" <reply-debian-05@armiento.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Date: Thu, 02 Jun 2005 20:19:06 +0200
Package: xscreensaver
Version: 4.21-3
Severity: important

The main kde package 'kde' depends on xscreensaver. Now, if I 
understand this issue correctly, KDE has its own "randomization engine" 
for screensavers. This makes it ignore xscreensavers settings for what
screensavers should be included in 'random screensaver' and instead
randomize over all installed screensavers (at least that is how it 
seems to work per default). I *think* KDE's default setting for new 
users is to randomize screensavers; but even if it isn't, it is very 
easy for an experimenting user to flip this setting on, unaware of the
'risks' of running the web collage screensaver.

Result: without any deliberate action, a user running on a "default" debian 
install of KDE runs the risk of suddenly showing pornographic images on
the screen (fetched and shown by the 'web collage' screensaver). I have 
seen this happen.

While 'web collage' is a truly original screensaver based on a fun idea,
the thing is, there are workplace environments where this could potentially 
get people fired or sued. Hence, I think it is resonable to try to avoid any
accidental activation. Just like there is a fortune-off package for potentially 
offending fortunes, I suggest moving 'web collage' to a separate package 
'xscreensaver-off'.

However, if the maintainer feels this is not an xscreensaver 
problem, but rather an issue with kde's random screensaver
option, feel free to forward this bug report to the kde maintainers.

Also, just as a side note: another reason to avoid 'web collage' to
be activated unintentionally is that it is a significantly higher
security risk than any of the other screensavers, in that it might
pull an image from the web that exploits a buffer overflow in
the picture library.

//Rickard

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages xscreensaver depends on:
ii  libatk1.0-0          1.8.0-4             The ATK accessibility toolkit
ii  libc6                2.3.2.ds1-21        GNU C Library: Shared libraries an
ii  libglade2-0          1:2.4.2-2           library to load .glade files at ru
ii  libglib2.0-0         2.6.4-1             The GLib library of C routines
ii  libgtk2.0-0          2.6.4-1             The GTK+ graphical user interface 
ii  libice6              4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii  libjpeg62            6b-10               The Independent JPEG Group's JPEG 
ii  libpam0g             0.76-22             Pluggable Authentication Modules l
ii  libpango1.0-0        1.8.1-1             Layout and rendering of internatio
ii  libsm6               4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii  libx11-6             4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii  libxext6             4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii  libxml2              2.6.16-7            GNOME XML library
ii  libxmu6              4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii  libxpm4              4.3.0.dfsg.1-12.0.1 X pixmap library
ii  libxrandr2           4.3.0.dfsg.1-12.0.1 X Window System Resize, Rotate and
ii  libxrender1          0.8.3-7             X Rendering Extension client libra
ii  libxt6               4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
ii  zlib1g               1:1.2.2-4           compression library - runtime

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Ralf Hildebrandt <ralf.hildebrandt@charite.de>:
Bug#311683; Package xscreensaver. Full text and rfc822 format available.

Acknowledgement sent to 311683@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Ralf Hildebrandt <ralf.hildebrandt@charite.de>. Full text and rfc822 format available.

Message #10 received at 311683@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: 311683@bugs.debian.org, "R. Armiento" <reply-debian-05@armiento.net>
Subject: Re: Bug#311683: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Date: Thu, 02 Jun 2005 21:00:07 +0200
[Message part 1 (text/plain, inline)]
reassign 311683 kscreensaver
thanks

Le jeudi 02 juin 2005 à 20:19 +0200, R. Armiento a écrit :
> Package: xscreensaver
> Version: 4.21-3
> Severity: important
> 
> The main kde package 'kde' depends on xscreensaver. Now, if I 
> understand this issue correctly, KDE has its own "randomization engine" 
> for screensavers. This makes it ignore xscreensavers settings for what
> screensavers should be included in 'random screensaver' and instead
> randomize over all installed screensavers (at least that is how it 
> seems to work per default). I *think* KDE's default setting for new 
> users is to randomize screensavers; but even if it isn't, it is very 
> easy for an experimenting user to flip this setting on, unaware of the
> 'risks' of running the web collage screensaver.
> 
> Result: without any deliberate action, a user running on a "default" debian 
> install of KDE runs the risk of suddenly showing pornographic images on
> the screen (fetched and shown by the 'web collage' screensaver). I have 
> seen this happen.
> 
> While 'web collage' is a truly original screensaver based on a fun idea,
> the thing is, there are workplace environments where this could potentially 
> get people fired or sued. Hence, I think it is resonable to try to avoid any
> accidental activation. Just like there is a fortune-off package for potentially 
> offending fortunes, I suggest moving 'web collage' to a separate package 
> 'xscreensaver-off'.

That's exactly why webcollage is disabled in the default xscreensaver
setup.

> However, if the maintainer feels this is not an xscreensaver 
> problem, but rather an issue with kde's random screensaver
> option, feel free to forward this bug report to the kde maintainers.

Indeed. We (xscreensaver maintainers) are not responsible of the choices
the KDE maintainers make. Their configuration deliberately uses a
different setup, and there's nothing we can do about it.

> Also, just as a side note: another reason to avoid 'web collage' to
> be activated unintentionally is that it is a significantly higher
> security risk than any of the other screensavers, in that it might
> pull an image from the web that exploits a buffer overflow in
> the picture library.

Actually this shouldn't be a problem, as a hack crashing doesn't make
the server crash.
-- 
 .''`.           Josselin Mouette        /\./\
: :' :           josselin.mouette@ens-lyon.org
`. `'                        joss@debian.org
  `-  Debian GNU/Linux -- The power of freedom
[signature.asc (application/pgp-signature, inline)]

Bug reassigned from package `xscreensaver' to `kscreensaver'. Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#311683; Package kscreensaver. Full text and rfc822 format available.

Acknowledgement sent to Ben Burton <bab@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #17 received at 311683@bugs.debian.org (full text, mbox):

From: Ben Burton <bab@debian.org>
To: 311683@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Processed: Re: Bug#311683: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Date: Fri, 3 Jun 2005 07:49:03 +1000
reassign 311683 kdebase-bin
thanks mate

Hi.. the random screensaver is actually in kdebase-bin, not
kscreensaver.  Reassigning accordingly.

b.




Bug reassigned from package `kscreensaver' to `kdebase-bin'. Request was from Ben Burton <bab@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#311683; Package kdebase-bin. Full text and rfc822 format available.

Acknowledgement sent to "R. Armiento" <reply-debian-05@armiento.net>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #24 received at 311683@bugs.debian.org (full text, mbox):

From: "R. Armiento" <reply-debian-05@armiento.net>
To: joss@debian.org
Cc: 311683@bugs.debian.org
Subject: Re: Bug#311683: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Date: Fri, 03 Jun 2005 13:02:24 +0200
A friend made me aware that for Fedora there are a number of submissions
of this problem. I just link them here as reference:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139513
(with duplicate bugs: 139777, 149803, 140684)

Given the outcry and negative stories there, perhaps the severity of this
bug needs to marked as critical? I'd hate to see someone fired or sued
for installing the new official sarge release...

>>While 'web collage' is a truly original screensaver based on a fun idea,
>>the thing is, there are workplace environments where this could potentially 
>>get people fired or sued. [...]
> 
> That's exactly why webcollage is disabled in the default xscreensaver
> setup.

And by 'disabled' I suppose you mean that the default setting of xscreensaver
randomizer does not pick WebCollage. Is that really enough?. I'm not trying
to be a moralist here; but is it really sensible to distribute a porn
screensaver among the default set? You may argue that the main idea of
WebCollage is not to show porn, but in reality, something like 1 out of 10
images it pulls is pornographic; so this likely is how it will appear to
ordinary users.

Also, a user playing around in the xscreensaver/'Gnome screensaver config' will
trigger the preview of WebCollage before it is possible to read the explicit
warnings in the settings dialog. The possibility of unintentional triggering
of sexually explicit content in the preview box on the screen while configuring
screensavers is still bad. This issue may not be as grave as "porn by default
in kde", but people working for a company that supervise network usage could
still potentially get fired for the actions of the WebCollage preview.

Perhaps this less grave problem with xscreensaver configuration and WebCollage
should be refiled as a 'minor' or 'wishlist' bug against xscreensaver. However,
fixing the minor issue with xscreensaver would also fix the grave side of the
issue involving kde's random screensaver.

>>Also, just as a side note: another reason to avoid 'web collage' to
>>be activated unintentionally is that it is a significantly higher
>>security risk than any of the other screensavers, in that it might
>>pull an image from the web that exploits a buffer overflow in
>>the picture library.
> 
> Actually this shouldn't be a problem, as a hack crashing doesn't make
> the server crash.

This argument assumes that the worst thing that can happen is the screensaver
process crashing. However, an image constructed with malicious intent could let
an attacker take over the WebCollage process, and ultimately give full access
to the users account.

//Rickard



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#311683; Package kdebase-bin. Full text and rfc822 format available.

Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #29 received at 311683@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: "R. Armiento" <reply-debian-05@armiento.net>
Cc: 311683@bugs.debian.org
Subject: Re: Bug#311683: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Date: Fri, 03 Jun 2005 13:23:57 +0200
Le vendredi 03 juin 2005 à 13:02 +0200, R. Armiento a écrit :
> And by 'disabled' I suppose you mean that the default setting of xscreensaver
> randomizer does not pick WebCollage.

Also, the netpbm package, required by webcollage, is only recommended by
xscreensaver.

> Also, a user playing around in the xscreensaver/'Gnome screensaver config' will
> trigger the preview of WebCollage before it is possible to read the explicit
> warnings in the settings dialog. The possibility of unintentional triggering
> of sexually explicit content in the preview box on the screen while configuring
> screensavers is still bad. This issue may not be as grave as "porn by default
> in kde", but people working for a company that supervise network usage could
> still potentially get fired for the actions of the WebCollage preview.

Maybe adding a warning in the hack list would be enough.

> > Actually this shouldn't be a problem, as a hack crashing doesn't make
> > the server crash.
> 
> This argument assumes that the worst thing that can happen is the screensaver
> process crashing. However, an image constructed with malicious intent could let
> an attacker take over the WebCollage process, and ultimately give full access
> to the users account.

Indeed, but with a correctly up-to-date computer that's not an issue.
Another reason for not adding it to the default configuration, but not
to remove it entirely.
-- 
 .''`.           Josselin Mouette        /\./\
: :' :           josselin.mouette@ens-lyon.org
`. `'                        joss@debian.org
   `-  Debian GNU/Linux -- The power of freedom



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#311683; Package kdebase-bin. Full text and rfc822 format available.

Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#311683; Package kdebase-bin. Full text and rfc822 format available.

Acknowledgement sent to Christopher Martin <christopher.martin@utoronto.ca>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. Full text and rfc822 format available.

Message #39 received at 311683@bugs.debian.org (full text, mbox):

From: Christopher Martin <chrsmrtn@gmail.com>
To: 311683@bugs.debian.org, "R. Armiento" <reply-debian-05@armiento.net>
Cc: control@bugs.debian.org, bab@debian.org
Subject: Re: Processed: Re: Processed: Re: Bug#311683: xscreensaver: web collage screensaver makes debian "default install" of kde show porn
Date: Fri, 3 Jun 2005 22:44:37 -0400
[Message part 1 (text/plain, inline)]
tags 311683 confirmed pending
reassign 311683 kscreensaver-xsavers
stop

On June 2, 2005 18:03, Debian Bug Tracking System wrote:
> Processing commands for control@bugs.debian.org:
> > reassign 311683 kdebase-bin
>
> Bug#311683: xscreensaver: web collage screensaver makes debian "default
> install" of kde show porn Bug reassigned from package `kscreensaver' to
> `kdebase-bin'.

The next kdeartwork package will fix this by simply disabling webcollage. 
From all the discussion that has gone on, it seems that there are many 
reasons why this screensaver is a bad idea.

(The KRandom screensaver is in kdebase-bin, but the specific offending 
screensaver we're going to disable is enabled through kdeartwork, so I'll 
reassign this there for now, Ben, if you don't mind - of course the first 
post-Sarge upload, under the team umbrella, will take of this).

Cheers,
Christopher Martin
[Message part 2 (application/pgp-signature, inline)]

Tags added: confirmed, pending Request was from Christopher Martin <chrsmrtn@gmail.com> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `kdebase-bin' to `kscreensaver-xsavers'. Request was from Christopher Martin <chrsmrtn@gmail.com> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ben Burton <bab@debian.org>:
Bug#311683; Package kscreensaver-xsavers. Full text and rfc822 format available.

Acknowledgement sent to Adeodato Simó <adeodato@debian.org>:
Extra info received and forwarded to list. Copy sent to Ben Burton <bab@debian.org>. Full text and rfc822 format available.

Message #48 received at 311683@bugs.debian.org (full text, mbox):

From: Adeodato Simó <adeodato@debian.org>
To: debian-project@lists.debian.org, 311683@bugs.debian.org
Cc: "R. Armiento" <reply-debian-05@armiento.net>
Subject: Re: Discussion of bug #311683, default kde install shows porn
Date: Sat, 4 Jun 2005 19:40:46 +0200
[Message part 1 (text/plain, inline)]
* R. Armiento [Fri, 03 Jun 2005 18:02:54 +0200]:

> I just want to bring bug #311683 to "public awareness" and
> discussion. Since it is a bit of a "sociopolitcal" and policy
> issue, I suspect there may be people out there who feel
> strongly about this one way or the other, and with
> the upcoming release of debian sarge, it might not be optimal
> if this feature makes it out to the official release "under
> the radar" without being publically discussed.

  1. This is not getting fixed for Sarge, it has been reported too late.
     You may want to (try to) convince the Stable Release Manager that
     this is really suitable or even necessary for a point release.

  2. The KDE team has already said (read the bug log) that we will
     provide a solution for this issue in our next upload. Either by not
     providing the Web Collage screensaver at all in the Control Center,
     or (preferably) by not letting Random mode pick it.

     Other solutions, like having Random mode let you pick what
     screensavers to use, are in upstream's realm.

  3. If you're a system administrator and are concerned about this
     biting you and your users, do one of these:

     - don't install the kscreensaver-xsavers package
     - dpkg-divert --add --rename /usr/share/applnk/System/ScreenSavers/webcollage.desktop

  4. If you're a KDE user and don't want Random mode to pick Web
     Collage, do one of these:

     - don't use Random mode
     - ask your sysadmin to perform one of the actions in (3)
     - drop the attached file in ~/.kde/share/applnk/System/ScreenSavers;
       do gunzip it first, but DO NOT rename it. (With it, whenever Web
       Collage would have been used, "Blank Screen" will be called instead.
       I attach the diff to the original file too.)

  5. If you are reading the above and think "Debian should deliver a
     good product by default, and neither (3) nor (4) are reasonable
     things to ask to our users", I agree, but the timing of this report
     has been very unfortunate.

  Cheers,

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
Everything you read in newspapers is absolutely true, except for that
rare story of which you happen to have first-hand knowledge.
                -- Erwin Knoll
[webcollage.desktop.gz (application/octet-stream, attachment)]
[webcollage.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Ben Burton <bab@debian.org>:
Bug#311683; Package kscreensaver-xsavers. Full text and rfc822 format available.

Acknowledgement sent to Sven Luther <sven.luther@wanadoo.fr>:
Extra info received and forwarded to list. Copy sent to Ben Burton <bab@debian.org>. Full text and rfc822 format available.

Message #53 received at 311683@bugs.debian.org (full text, mbox):

From: Sven Luther <sven.luther@wanadoo.fr>
To: debian-project@lists.debian.org, 311683@bugs.debian.org, "R. Armiento" <reply-debian-05@armiento.net>
Subject: Re: Discussion of bug #311683, default kde install shows porn
Date: Sat, 4 Jun 2005 22:25:06 +0200
On Sat, Jun 04, 2005 at 07:40:46PM +0200, Adeodato Simó wrote:
> * R. Armiento [Fri, 03 Jun 2005 18:02:54 +0200]:
> 
> > I just want to bring bug #311683 to "public awareness" and
> > discussion. Since it is a bit of a "sociopolitcal" and policy
> > issue, I suspect there may be people out there who feel
> > strongly about this one way or the other, and with
> > the upcoming release of debian sarge, it might not be optimal
> > if this feature makes it out to the official release "under
> > the radar" without being publically discussed.
> 
>   1. This is not getting fixed for Sarge, it has been reported too late.
>      You may want to (try to) convince the Stable Release Manager that
>      this is really suitable or even necessary for a point release.

This needs to be fixed for sarge, as it will subject random underage people
sitting in the same room your computer is in to random porn. I believe this is
illegal in most countries, and we can't be allowed to let this happen.

I also believe that this may subject distributors of debian/sarge cd to legal
troubles.

>   2. The KDE team has already said (read the bug log) that we will
>      provide a solution for this issue in our next upload. Either by not
>      providing the Web Collage screensaver at all in the Control Center,
>      or (preferably) by not letting Random mode pick it.
> 
>      Other solutions, like having Random mode let you pick what
>      screensavers to use, are in upstream's realm.
> 
>   3. If you're a system administrator and are concerned about this
>      biting you and your users, do one of these:
> 
>      - don't install the kscreensaver-xsavers package
>      - dpkg-divert --add --rename /usr/share/applnk/System/ScreenSavers/webcollage.desktop

So, what is wrong with making an upload that fixes this instead ? 

>   4. If you're a KDE user and don't want Random mode to pick Web
>      Collage, do one of these:
> 
>      - don't use Random mode
>      - ask your sysadmin to perform one of the actions in (3)
>      - drop the attached file in ~/.kde/share/applnk/System/ScreenSavers;
>        do gunzip it first, but DO NOT rename it. (With it, whenever Web
>        Collage would have been used, "Blank Screen" will be called instead.
>        I attach the diff to the original file too.)
> 
>   5. If you are reading the above and think "Debian should deliver a
>      good product by default, and neither (3) nor (4) are reasonable
>      things to ask to our users", I agree, but the timing of this report
>      has been very unfortunate.

So what ? What happened to we will release when we are ready ? And is really
one day more or less or even a week going to be a problem ? Especially given
the legal consequences it can bring to our users and distributors ? 

Friendly,

Sven Luther




Information forwarded to debian-bugs-dist@lists.debian.org, Ben Burton <bab@debian.org>:
Bug#311683; Package kscreensaver-xsavers. Full text and rfc822 format available.

Acknowledgement sent to MJ Ray <mjr@phonecoop.coop>:
Extra info received and forwarded to list. Copy sent to Ben Burton <bab@debian.org>. Full text and rfc822 format available.

Message #58 received at 311683@bugs.debian.org (full text, mbox):

From: MJ Ray <mjr@phonecoop.coop>
To: <debian-project@lists.debian.org>,<311683@bugs.debian.org>
Subject: Re: Discussion of bug #311683, default kde install shows porn
Date: Sun, 05 Jun 2005 11:36:28 +0100
Sven Luther wrote:
> This needs to be fixed for sarge, as it will subject random underage people
> sitting in the same room your computer is in to random porn. I believe th=
> is is illegal in most countries, and we can't be allowed to let this happen.

Mmmm, debian-illegal anyone?  What law is that in France and why
aren't all the magazine shop owners being locked-up?




Information forwarded to debian-bugs-dist@lists.debian.org, Ben Burton <bab@debian.org>:
Bug#311683; Package kscreensaver-xsavers. Full text and rfc822 format available.

Acknowledgement sent to Sven Luther <sven.luther@wanadoo.fr>:
Extra info received and forwarded to list. Copy sent to Ben Burton <bab@debian.org>. Full text and rfc822 format available.

Message #63 received at 311683@bugs.debian.org (full text, mbox):

From: Sven Luther <sven.luther@wanadoo.fr>
To: MJ Ray <mjr@phonecoop.coop>
Cc: debian-project@lists.debian.org, 311683@bugs.debian.org
Subject: Re: Discussion of bug #311683, default kde install shows porn
Date: Sun, 5 Jun 2005 13:43:06 +0200
On Sun, Jun 05, 2005 at 11:36:28AM +0100, MJ Ray wrote:
> Sven Luther wrote:
> > This needs to be fixed for sarge, as it will subject random underage people
> > sitting in the same room your computer is in to random porn. I believe th=
> > is is illegal in most countries, and we can't be allowed to let this happen.
> 
> Mmmm, debian-illegal anyone?  What law is that in France and why
> aren't all the magazine shop owners being locked-up?

I believe it is illegal for those shops to sell their stuff to underage folk,
don't you ?

Friendly,

Sven Luther




Information forwarded to debian-bugs-dist@lists.debian.org, Ben Burton <bab@debian.org>:
Bug#311683; Package kscreensaver-xsavers. Full text and rfc822 format available.

Acknowledgement sent to "Artur R. Czechowski" <arturcz@hell.pl>:
Extra info received and forwarded to list. Copy sent to Ben Burton <bab@debian.org>. Full text and rfc822 format available.

Message #68 received at 311683@bugs.debian.org (full text, mbox):

From: "Artur R. Czechowski" <arturcz@hell.pl>
To: 311683@bugs.debian.org
Cc: control@bugs.debian.org
Subject: web collage is NOT a default screensaver in KDE
Date: Sun, 5 Jun 2005 20:24:13 +0200
retitle 311683 xscreensaver: under some circumstances KDE screensaver can show porn
thanks

As it was stated in the thread on debian-project[1] (and I just checked it for
my own), default screensaver in KDE is blank not webcollage. So default KDE
installation with default configuration does NOT show pr0n.

I am retitling this bug to be more apropriate.

Regards
	Artur

[1] http://lists.debian.org/debian-project/2005/06/msg00031.html
-- 
"Nasz bohater często siada przed komputerem i myśli"
					recenzja http://czat.zlotemysli.pl/



Changed Bug title. Request was from "Artur R. Czechowski" <arturcz@hell.pl> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 311683 316900. Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "R. Armiento" <reply-debian-05@armiento.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #77 received at 311683-close@bugs.debian.org (full text, mbox):

From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 311683-close@bugs.debian.org
Subject: Bug#311683: fixed in kdeartwork 4:3.4.2-1
Date: Thu, 01 Sep 2005 11:02:21 -0700
Source: kdeartwork
Source-Version: 4:3.4.2-1

We believe that the bug you reported is fixed in the latest version of
kdeartwork, which is due to be installed in the Debian FTP archive:

kdeartwork-emoticons_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork-emoticons_3.4.2-1_all.deb
kdeartwork-misc_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork-misc_3.4.2-1_all.deb
kdeartwork-style_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kdeartwork-style_3.4.2-1_i386.deb
kdeartwork-theme-icon_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork-theme-icon_3.4.2-1_all.deb
kdeartwork-theme-window_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kdeartwork-theme-window_3.4.2-1_i386.deb
kdeartwork_3.4.2-1.diff.gz
  to pool/main/k/kdeartwork/kdeartwork_3.4.2-1.diff.gz
kdeartwork_3.4.2-1.dsc
  to pool/main/k/kdeartwork/kdeartwork_3.4.2-1.dsc
kdeartwork_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork_3.4.2-1_all.deb
kdeartwork_3.4.2.orig.tar.gz
  to pool/main/k/kdeartwork/kdeartwork_3.4.2.orig.tar.gz
kdewallpapers_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdewallpapers_3.4.2-1_all.deb
kscreensaver-xsavers_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kscreensaver-xsavers_3.4.2-1_i386.deb
kscreensaver_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kscreensaver_3.4.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 311683@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdeartwork package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  1 Sep 2005 18:52:58 +0200
Source: kdeartwork
Binary: kdeartwork-misc kdeartwork-emoticons kdeartwork-theme-window kscreensaver kdeartwork-theme-icon kdeartwork-style kdeartwork kdewallpapers kscreensaver-xsavers
Architecture: source all i386
Version: 4:3.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 kdeartwork - themes, styles and more from the official KDE release
 kdeartwork-emoticons - emoticon collections for KDE chat clients
 kdeartwork-misc - various multimedia goodies released with KDE
 kdeartwork-style - widget styles released with KDE
 kdeartwork-theme-icon - icon themes released with KDE
 kdeartwork-theme-window - window decoration themes released with KDE
 kdewallpapers - wallpapers released with KDE
 kscreensaver - additional screen savers released with KDE
 kscreensaver-xsavers - KDE hooks for standard xscreensavers
Closes: 278263 310866 311683 316900 317202 322008
Changes: 
 kdeartwork (4:3.4.2-1) unstable; urgency=low
 .
   * New upstream release.
 .
   * Rebuild (Closes: #317202)
 .
   +++ Changes by Christopher Martin:
 .
   * Replace the build-dep on xlibmesa-glu-dev with libglu1-xorg-dev for the
     X.Org transition.
 .
   * Remove the dummy transitional package kdeartwork-theme-desktop, as Sarge
     was released and Woody --> Sarge upgrades are no longer a concern.
     (Closes: #322008)
 .
   * Don't install webcollage.desktop. This effectively disables that
     screensaver, removing it from the random screensaver's pool, preventing
     the inadvertent display of completely random pictures from the Internet.
     (Closes: #311683, #316900)
 .
   * The necessary files for the pinion screensaver are now installed.
     (Closes: #310866)
 .
   +++ Changes by Luk Claes:
 .
   * Added me to uploaders
 .
 kdeartwork (4:3.4.1-1) experimental; urgency=low
 .
   * New upstream release.
 .
 kdeartwork (4:3.4.0-0pre2) alioth; urgency=low
 .
   * New upstream release.
 .
   +++ Changes by Christopher Martin:
 .
   * Converted packaging to CDBS.
   * Added a new package, kdeartwork-emoticons (containing the former
     Kopete emoticons, now usable by everyone).
   * Forward port a patch from KDE 3.3 that fixes the building of the
     KFireSaver screensaver.
   * Lower kscreensaver-xsavers's dependency on xscreensaver-gl to a Recommends.
     (Closes: #278263)
Files: 
 20d246f73ff9a8f712bc72941623b5ff 1213 kde optional kdeartwork_3.4.2-1.dsc
 62ec4b454bee0f244019779865c13ef4 18456475 kde optional kdeartwork_3.4.2.orig.tar.gz
 21ff9471e4706209f1093ec5e27b3cda 130939 kde optional kdeartwork_3.4.2-1.diff.gz
 20a6aaf6cf875f09db840fb3702d4a89 8790 kde optional kdeartwork_3.4.2-1_all.deb
 bca8af136a86e71e317b0bcd2a89ade7 106038 kde optional kdeartwork-emoticons_3.4.2-1_all.deb
 ee6b8b12ce68dd24866391b17cdaf140 3419008 kde optional kdeartwork-misc_3.4.2-1_all.deb
 3d14aa933c19ffbeda79e9cadabfda3a 10875682 kde optional kdeartwork-theme-icon_3.4.2-1_all.deb
 ba9c0e3e66f647a5c5cbd1e8a0da9b08 2272532 kde optional kdewallpapers_3.4.2-1_all.deb
 c2cfd48bb8d1da1a945958b393489e81 86052 kde optional kdeartwork-style_3.4.2-1_i386.deb
 dbba722a6fa7ee2ef6ba7423e2d0d3a0 314074 kde optional kdeartwork-theme-window_3.4.2-1_i386.deb
 5b72b1ad19ace6b9b573e7c797ef575b 814488 kde optional kscreensaver_3.4.2-1_i386.deb
 801fe7d8741e228fc87b0164cefaf8c4 160154 kde optional kscreensaver-xsavers_3.4.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFzaG5UTeB5t8Mo0RAhJDAJ4x7o0ZzXbEnGyXp5/PpXqw94PprgCgzzDA
e1H4hFFPKSdIrES7+PMJLHg=
=uFwB
-----END PGP SIGNATURE-----




Reply sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "R. Armiento" <reply-debian-05@armiento.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #82 received at 316900-close@bugs.debian.org (full text, mbox):

From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 316900-close@bugs.debian.org
Subject: Bug#316900: fixed in kdeartwork 4:3.4.2-1
Date: Thu, 01 Sep 2005 11:02:21 -0700
Source: kdeartwork
Source-Version: 4:3.4.2-1

We believe that the bug you reported is fixed in the latest version of
kdeartwork, which is due to be installed in the Debian FTP archive:

kdeartwork-emoticons_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork-emoticons_3.4.2-1_all.deb
kdeartwork-misc_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork-misc_3.4.2-1_all.deb
kdeartwork-style_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kdeartwork-style_3.4.2-1_i386.deb
kdeartwork-theme-icon_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork-theme-icon_3.4.2-1_all.deb
kdeartwork-theme-window_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kdeartwork-theme-window_3.4.2-1_i386.deb
kdeartwork_3.4.2-1.diff.gz
  to pool/main/k/kdeartwork/kdeartwork_3.4.2-1.diff.gz
kdeartwork_3.4.2-1.dsc
  to pool/main/k/kdeartwork/kdeartwork_3.4.2-1.dsc
kdeartwork_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdeartwork_3.4.2-1_all.deb
kdeartwork_3.4.2.orig.tar.gz
  to pool/main/k/kdeartwork/kdeartwork_3.4.2.orig.tar.gz
kdewallpapers_3.4.2-1_all.deb
  to pool/main/k/kdeartwork/kdewallpapers_3.4.2-1_all.deb
kscreensaver-xsavers_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kscreensaver-xsavers_3.4.2-1_i386.deb
kscreensaver_3.4.2-1_i386.deb
  to pool/main/k/kdeartwork/kscreensaver_3.4.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 316900@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdeartwork package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  1 Sep 2005 18:52:58 +0200
Source: kdeartwork
Binary: kdeartwork-misc kdeartwork-emoticons kdeartwork-theme-window kscreensaver kdeartwork-theme-icon kdeartwork-style kdeartwork kdewallpapers kscreensaver-xsavers
Architecture: source all i386
Version: 4:3.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 kdeartwork - themes, styles and more from the official KDE release
 kdeartwork-emoticons - emoticon collections for KDE chat clients
 kdeartwork-misc - various multimedia goodies released with KDE
 kdeartwork-style - widget styles released with KDE
 kdeartwork-theme-icon - icon themes released with KDE
 kdeartwork-theme-window - window decoration themes released with KDE
 kdewallpapers - wallpapers released with KDE
 kscreensaver - additional screen savers released with KDE
 kscreensaver-xsavers - KDE hooks for standard xscreensavers
Closes: 278263 310866 311683 316900 317202 322008
Changes: 
 kdeartwork (4:3.4.2-1) unstable; urgency=low
 .
   * New upstream release.
 .
   * Rebuild (Closes: #317202)
 .
   +++ Changes by Christopher Martin:
 .
   * Replace the build-dep on xlibmesa-glu-dev with libglu1-xorg-dev for the
     X.Org transition.
 .
   * Remove the dummy transitional package kdeartwork-theme-desktop, as Sarge
     was released and Woody --> Sarge upgrades are no longer a concern.
     (Closes: #322008)
 .
   * Don't install webcollage.desktop. This effectively disables that
     screensaver, removing it from the random screensaver's pool, preventing
     the inadvertent display of completely random pictures from the Internet.
     (Closes: #311683, #316900)
 .
   * The necessary files for the pinion screensaver are now installed.
     (Closes: #310866)
 .
   +++ Changes by Luk Claes:
 .
   * Added me to uploaders
 .
 kdeartwork (4:3.4.1-1) experimental; urgency=low
 .
   * New upstream release.
 .
 kdeartwork (4:3.4.0-0pre2) alioth; urgency=low
 .
   * New upstream release.
 .
   +++ Changes by Christopher Martin:
 .
   * Converted packaging to CDBS.
   * Added a new package, kdeartwork-emoticons (containing the former
     Kopete emoticons, now usable by everyone).
   * Forward port a patch from KDE 3.3 that fixes the building of the
     KFireSaver screensaver.
   * Lower kscreensaver-xsavers's dependency on xscreensaver-gl to a Recommends.
     (Closes: #278263)
Files: 
 20d246f73ff9a8f712bc72941623b5ff 1213 kde optional kdeartwork_3.4.2-1.dsc
 62ec4b454bee0f244019779865c13ef4 18456475 kde optional kdeartwork_3.4.2.orig.tar.gz
 21ff9471e4706209f1093ec5e27b3cda 130939 kde optional kdeartwork_3.4.2-1.diff.gz
 20a6aaf6cf875f09db840fb3702d4a89 8790 kde optional kdeartwork_3.4.2-1_all.deb
 bca8af136a86e71e317b0bcd2a89ade7 106038 kde optional kdeartwork-emoticons_3.4.2-1_all.deb
 ee6b8b12ce68dd24866391b17cdaf140 3419008 kde optional kdeartwork-misc_3.4.2-1_all.deb
 3d14aa933c19ffbeda79e9cadabfda3a 10875682 kde optional kdeartwork-theme-icon_3.4.2-1_all.deb
 ba9c0e3e66f647a5c5cbd1e8a0da9b08 2272532 kde optional kdewallpapers_3.4.2-1_all.deb
 c2cfd48bb8d1da1a945958b393489e81 86052 kde optional kdeartwork-style_3.4.2-1_i386.deb
 dbba722a6fa7ee2ef6ba7423e2d0d3a0 314074 kde optional kdeartwork-theme-window_3.4.2-1_i386.deb
 5b72b1ad19ace6b9b573e7c797ef575b 814488 kde optional kscreensaver_3.4.2-1_i386.deb
 801fe7d8741e228fc87b0164cefaf8c4 160154 kde optional kscreensaver-xsavers_3.4.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFzaG5UTeB5t8Mo0RAhJDAJ4x7o0ZzXbEnGyXp5/PpXqw94PprgCgzzDA
e1H4hFFPKSdIrES7+PMJLHg=
=uFwB
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 07:37:50 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 08:07:29 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.