Hi Nico,

Thanks for the report!

On 13:16 Thu 08 Nov, Nico Golde wrote:
> Package: suckless-tools
> Version: 38-2
> Severity: grave
> Justification: user security hole
> 
> 
> Hey,
> this package has not updated any of the included tools for two years.
> Please package newer tools, especially and most importantly slock.

As per the freeze policy I can't really introduce new things into Wheezy,
so I didn't consider putting new versions into 38-2. I'm preparing
version 39 with all bugs closed and the latest version of the software,
but it will not be in Wheezy and will be backported once Wheezy is stable.

> 
> The current version of slock has no indication whatsoever that a
> screen lock is active.
> After a longer idle period of the display, it is therefore impossible
> to distinguish between a locked screen and an inactive screen. As a
> result, it is not too difficult to write your password somewhere you
> don't want to because you assumed the screen was locked.
> Hence I marked this as grave, this happened to me multiple times.
> 
> Newer slock versions have a color indication once you hit the first
> key on the keyboard that shows you that the lock is active.

But if I understand correctly, it is not a bug but how slock was
designed previously, and a patch was later submitted to colourise and
give more features to slock, which was later merged by Anselm to prepare
the 1.1 version. So can you please reconsider the severity of the bug?

Now, coming to the colourising feature, are you talking about this
specific commit [1] or all the 3 new patches from the tip? If this is the
single patch you meant then I will try to cherry-pick it, but again I
don't know whether a new unblock request will be entertained by the
release team [2].

PS: I will be on vacation for a week from tomorrow, so I'm really not
sure if I will be able to finish this package soon. If you can prepare
an NMU I'll be happy with that :-). The only thing is I don't want the
package to be removed from Wheezy, because multiple packages depend on it.


[1] http://hg.suckless.org/slock/diff/0eade055cef0/slock.c
[2] http://lists.debian.org/debian-devel-announce/2012/11/msg00003.html

Warm Regards
-- 
Vasudev Kamath
http://copyninja.info
Connect on ~friendica: copyninja@{frndk.de | vasudev.homelinux.net}
IRC nick: copyninja | vasudev {irc.oftc.net | irc.freenode.net}
GPG Key: C517 C25D E408 759D 98A4  C96B 6C8F 74AE 8770 0B7E
