By default, the lock screen displays the currently playing media on VLC. This leaks details of media being played to anyone. Can't see where to flag this as security issue.
To my knowledge Plasma 5.12 will introduce a config option.
I have plasma-desktop 4:5.12.0-0neon+16.04+xenial+build80 on KDE Neon. No such option has appeared in workspace->screenlocking under either tab
By the Plasma 5.12.0 release announcement : https://www.kde.org/announcements/plasma-5.12.0.php has: "Media controls have been added to the lock screen. For added privacy, they can be disabled in Plasma 5.12..." There is bug report: Bug 384264 - Make it possible to disable media controls on lock screen - https://bugs.kde.org/show_bug.cgi?id=384264 . It is marked as fixed with the https://cgit.kde.org/kscreenlocker.git/commit/?id=e36101cd1b4857a23e05b9d1f039e9358bd1f49b BUT the 'config.qml' is not shown by the lock screen configuration with the plasma 5.12.0. Tested with the Neon and with the Arch. A workaround is to manually edit the /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/lockscreen/config.xml . Change the '<default>true</default>' to '<default>false</default>'
Urgh, there's a bug. If the "Appareance" tab is not the active tab on load, then it doesn't render the second QtQuick UI
Are you going to rate this more seriously then ? Not only is KDE insecure by default now, but it's not possible to change the settings to make it more secure! I'm thinking you want to issue an out-of-band update ASAP...
The impliciation was that I would fix it.
Git commit 639d1809e4d3605903e0efe379f104e35a03fc38 by David Edmundson. Committed on 13/02/2018 at 22:29. Pushed by davidedmundson into branch 'Plasma/5.12'. Update size hint of lnf config widget The old code implicitly used the initial size, which depending on when source is set, was often 0 M +2 -2 kcm/kcm.ui M +3 -0 kcm/lnfconfig.qml https://commits.kde.org/kscreenlocker/639d1809e4d3605903e0efe379f104e35a03fc38
Thanks Sam for your continues bug triaging efforts. I have just raised your bugzilla privileges to edit any aspects of bugs (mark duplicates, etc.)
So is this just getting lumped into the next monthly patch set ?
(In reply to Tom Chiverton from comment #9) > So is this just getting lumped into the next monthly patch set ? It is fixed in branch 'Plasma/5.12'. Next, 5.12.2 , is planned: Tue 2018-02-20. Plasma Schedules: https://community.kde.org/Schedules/Plasma_5 . ...and yes it is working: [img]https://i.imgur.com/vpLWRoF.png[/img]
>So is this just getting lumped into the next monthly patch set ? Yes.
I just updated to Plasma 5.12.3 from the Debian testing repository and I don't see the new UI in the lock screen settings. Is there something different about the Debian Plasma packages?
(In reply to onitake from comment #12) > I just updated to Plasma 5.12.3 from the Debian testing repository and I > don't see the new UI in the lock screen settings. > > Is there something different about the Debian Plasma packages? What do you see ? Could you add a link to the screen capture ?
Created attachment 111794 [details] No lock screen L&F options except wallpaper
Created attachment 111795 [details] System settings version dialogue
Here you go - see the attachments
(In reply to onitake from comment #12) > I just updated to Plasma 5.12.3 from the Debian testing repository and I > don't see the new UI in the lock screen settings. > > Is there something different about the Debian Plasma packages? A quick test with the Debian, Ubuntu and the Neon: Debian - not working: https://imgur.com/oluO1Tu Ubuntu - not working: https://imgur.com/tu1q2iL Neon - working: https://imgur.com/57EgU2d Also working, at here, with the Arch Linux. It seems that the Debian is not executing the /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/lockscreen/config.qml Tested with the: Breaking the config.qml - You should get an error message: https://imgur.com/fHTtQ2c With the Debian: No error messages. and adding the config.qml line: Component.onCompleted: console.log("Executing this !!") When executing command: kcmshell5 screenlocker There should be output: qml: Executing this !! An image: https://imgur.com/0Td6xBB With the Debian: No output. This seems to be an Debian/Ubuntu problem. Maybe a bug repot in the Debian/Ubuntu bug tracking system will help.
Thank you very much for debugging this. I'll open a bug report on the Debian BTS.
What's the Debian / Ubuntu bug ID ?
(In reply to Tom Chiverton from comment #19) > What's the Debian / Ubuntu bug ID ? The Debian seems to have : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894815
Yes, exactly. That's the bug I created yesterday.
This bug is marked as RESOLVED FIXED, but was this actually ever fixed? Comment #17 suggests that the patch mentioned in comment #7 failed to do the trick for a number of distributions, and the Debian bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894815) does not seem to come to any conclusion. I'm currently experiencing this bug on Gentoo Linux (amd64, stable) with Plasma 5.19.5 and I'm wondering wether this is a regression or the same bug that just never got fixed. Operating System: Gentoo Linux KDE Plasma Version: 5.19.5 KDE Frameworks Version: 5.74.0 Qt Version: 5.15.1 Kernel Version: 5.4.72-gentoo OS Type: 64-bit