Hi, i've been running an openarena server for 6 months now and although i'm just an ordinary user i wanted to share my thoughts on this bug.
I agree with your conclusions and how you contrast the pros and cons. I
personally could live without automatic downloading. But the question is if
other players, the casual user, would see it as an improvement of security or
as an
unnecessary inconvenience forced on them by Debian because your change
would not only affect mods but also the download of official maps.
In practice this would force players to download custom maps and even
new versions of base maps manually from more or less trustworthy servers.
For example Ubuntu players are playing with version 0.8.5 at the moment
and my Debian server is running 0.8.8. If cl_allowDownload was
permanently disabled all players which run an older version wouldn't be
able to join my server although they only had to download the
pak6-patch088.pk3.
In fact when i had disabled cl_allowDownload on the server a
considerable smaller number of players joined the server. Thus disabling
allowDownload on the client would very likely force these casual players
to play on servers with an outdated version which would give them a
false impression of the actual development of Openarena.
Please consider a second alternative:
* Automatic downloading is disabled on the first start thus OpenArena is
secure by default.
* You could also move the menu option for auto downloading to the
bottom and improve the description. "Warning: Enabling of auto
downloading *could* lead to security implications. Worst case:
Execution of arbitrary code. Please visit <link to the Debian Wiki>
and carefully read about the alternatives *before* you enable this option.
No matter which alternative you prefer please make sure that every user
knows about the information on the Debian Wiki and that they are pointed
to the official Debian ftp servers where they can obtain new pak files.
Finally i wonder how other distributions deal with this potential
security flaw and whether they would follow Debian. Then either this is
a serious issue or not thus automatic downloading should be completly
removed. If not then in my opinion it's better to improve the description
than to walk a seperate path.
Kind regards
Markus Koschany
signature.asc
Description: Digital signature
