Security Audit Request for Screenlocker Branch

Tue Oct 11 14:47:58 BST 2011

On Tuesday 11 October 2011 15:33:39 Torgny Nyblom wrote:
> On Tuesday 11 October 2011 14.55.29 Martin Gräßlin wrote:
> > On Monday 10 October 2011 20:02:07 Parker Coates wrote:
> > > On Sun, Oct 9, 2011 at 14:02, Martin Gräßlin wrote:
> > > > I want to request a security audit for the changes to ensure that
> > > > the new implementation is as secure as the existing one and that I
> > > > did not forget an important case which would compromise the
> > > > security.
> > > > 
> > > > The general concept of the new screenlocker is described in the
> > > > wiki:
> > > > http://community.kde.org/KWin/Screenlocker
> > > > 
> > > >> Screensavers without Locking
> > > >> No valid use case: should no longer be supported.
> > > 
> > > Could you elaborate on this part? What is meant by "screensavers
> > > without locking"?
> > 
> > Just running the screen saver animation without locking the screen. That
> > is
> > moving the mouse deactivates the screensaver without asking for a
> > password.
> 
> Does this mean that I will be focred to use a screensaver with password
> unlock? If so why is that not a vaild usecase? It's what I use at home all
> the time.
It is not a valid usecase for a screen *locker* to support that. The legacy 
implementation still supports just using a screen saver, though this will go 
away in 4.9 after current planning.

I ask you to stay on-topic in this thread on the security of the locker. If 
you want to discuss about the screen saver animations please start a new 
thread and preferable not on kcd but on workspace relevant mailing lists such 
as kwin or plasma-devel.

Thanks
Martin
> 
> /Regards
> Torgny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20111011/20a13d04/attachment.sig>