On Thursday 29 December 2005 at 22:57 +0100, Hilko Bengen wrote:
> * Users do not generally expect a screen saver to cause network
>   traffic. Even in 2005 there are still Debian users whose network
>   connectivity is non-broadband and/or metered by volume or time spent
>   online for whom xscreensaver's default behavior may cause
>   "interesting" surprises. Just think of laptops with GSM or UMTS
>   modems for a non-third-world example...

xscreensaver is retrieving the RSS feed, which isn't a really big file,
and it is retrieving it only once for each hack using xscreensaver-text.
And it's not as if it couldn't be easily deactivated.

> * I haven't looked at the mechanisms used by xscreensaver-text to
>   fetch content from URLs at all, but the security implications of a
>   potential error in the code that retrieves untrusted content from
>   the net don't exactly cause a warm, fuzzy feeling.

At first sight, xscreensaver-text is doing quite a bunch of sanitizing;
I don't know whether this is enough, though.

Anyway, I wouldn't call planet.debian.org "untrusted content". This site
can only receive contributions from Debian developers.

Regards,
-- 
 .''`.           Josselin Mouette        /\./\
: :' :           [EMAIL PROTECTED]
`. `'                        [EMAIL PROTECTED]
  `-  Debian GNU/Linux -- The power of freedom

Attachment: signature.asc
Description: This is a digitally signed message part
