[Secure-testing-team] Bug#645427: Stopped locking the screen when closing the laptop lid

Michael Gilbert michael.s.gilbert at gmail.com
Sun Oct 16 00:10:52 UTC 2011


Josh Triplett wrote:
> The screen does not *have* to be locked, no.  The user may choose to
> have the screen locked (which to the best of my knowledge represents the
> default configuration for gnome-screensaver/gnome-power-manager).  If
> the user *does* choose such a configuration, then a regression in that
> behavior without any warning opens a hole in the user's security.  

TThe user hasn't made any choice about the defaults, upstream or the
maintainer has. If there is a setting that says "lock screen on lid
close", and the user has intentionally selected that, but it doesn't do
exactly what it said, then yes, the security model as conveyed to
the user is broken. But if the default setting happens to have changed,
that it's not a security model violation.  It's simply a bug, and
we're not going to track it as security-relevant.

I'm not going to play bts ping pong.  At this point let's leave the
decision up to the maintainers.

Best wishes,
Mike



More information about the Secure-testing-team mailing list