[KDE4] what component does the screenlocking?
Martin Gräßlin
mgraesslin at kde.org
Sun Mar 5 16:57:41 UTC 2017
Am 2017-03-05 09:32, schrieb René J. V. Bertin:
> Kai Uwe Broulik wrote:
>
>> Turn the screen off. Problem solved.
>
> Sure, that's why I use computers, to have to remember myself to do
> everything by
> hand... I'd suggest to remove all current hooks into power management
> too if
> that's the prevalent mindset - just turn the computer off. Problem
> solved.
>
> At least that'll work with laptops and all-in-ones too.
>
> O-)
>
>
> I'll keep using xscreensaver but may come back to that topic after some
> more
> testing.
Given what you want to have I strongly suggest to stick to xss. We will
definitely not add back support for xss hacks nor for starting the
locker without requiring password. If you want those two features stay
with xss. As an alternative you can write a dedicated application to do
this just without any authorization. Just a fullscreen application
rendering the xss hack.
For anyone wondering: I want to keep the Lockscreen as stupid and simple
as possible. It has two tasks: preventing unauthorized access to the
system and to be secure. Xss hacks violate both these conditions. The
possibility to not require a password clearly violates the preventing
unauthorized access condition. And xss hacks in general complicate the
setup so that guaranteeing the secure aspect becomes difficult. There
are xss hacks which also violate the unauthorized access condition by
using the desktop in a distorted way. That is something our Lockscreen
architecture prevents. To support this we would have to add a backdoor
to the architecture. So overall absolutely not acceptable.
Also on kde4 times the xss hacks to a completely different code path -
basically two different applications.
Cheers
Martin
More information about the Plasma-devel
mailing list