Re: Buster/XFCE unlock screen is blank




Adam Borowski <kilobyte@xxxxxxxxxx> writes:

> But, the culprit is light-locker.  In general, it's in such a buggy
> state that I believe it shouldn't be in the distribution at all, much
> less a default of any kind.  After it replaced xscreensaver[1] as the
> xfce's dependency, I went into some pretty heated arguments, but then
> stormed off and ignored the issue.

It's worth noting here that xscreensaver has an IMO serious security
vulnerability (unless maybe this has been fixed?): because it doesn't
integrate properly with the desktop, it doesn't hide desktop
notifications.  Desktop notifications will appear above the lock screen.
If you therefore leave a locked computer in some relatively public place
(such as an open plan office at work), you may be exposing things on your
screen that you didn't expect, such as direct messages from some messaging
system that's plugged into desktop notifications.

I did some research on that a while back and ended up not filing a bug
about it because it looked relatively pointless.  It appeared to be a deep
design choice on both sides, and not something anyone was likely to solve,
so I just switched to a desktop-aware locker.

-- 
Russ Allbery (rra@xxxxxxxxxx)               <http://www.eyrie.org/~eagle/>