Gary: >> I cc:ed Gary Winiger on some of these emails, hoping to get some input >> from somebody who really understands PAM, but he never responded. It > > Right I'm tired of rehashing this every few months. Mahmood > pressed rewind and replay on the requirements for a screen lock > program. Meet those requirements and I don't care what source base > is used. > > Once again dropping out of the discussion until some VP directs me > to have this be a P0 priority.
Probably the solution to these problems is to move away from xscreensaver and move towards a different screen lock program, perhaps gnome-screensaver. If we were to do this, the JDS team would take over ownership of the lock screen program. Perhaps doing a move like this would help resolve some of the long-standing issues we've had in this area. However, it seems that none of our existing screen lock programs (xlock, dtlock, xscreensaver) deal with the "gaping Xauth Trusted Path" issue which I discussed in my last email. Since Gary highlights that we must meet Trusted Path requirements, I do not think the JDS team will be comfortable taking over the screenlock program unless there is some plan or guidance regarding how to do this properly. I've read the emails from Gary that Mahmood forwarded to me, but I don't see any discussion about this Xauth issue. It seems most of the discussion so far has been regarding the PAM issue we've talked about at such length that Gary won't talk about it anymore. Also, Mahmood suggested (about a year ago) that he would help port some of the hacks we make to xscreensaver to gnome-screensaver (such as the modifications to allow it to be configured to support a two-process model - one GUI process that runs as the user and one root process which talks to PAM). However, I don't believe any progress has been made in this area so far. So, although we agreed it would make sense for the JDS team to take over ownership of screenlock about a year ago, there has been little progress. Brian
