Bug#686648: ioquake3: consider disallowing auto-downloading in wheezy

Markus Koschany apo at gambaru.de
Fri Sep 14 19:38:50 UTC 2012


On Fri, 14. Sep 10:47 Simon McVittie <smcv at debian.org> wrote:
[snip]
> It's a pity there isn't a distinction between executable and non-executable
> game content - if you could auto-download PK3s, but those PK3s were flagged
> as "not to be searched for QVMs" somehow, then everything would be secure -
> but there isn't, and realistically, this isn't going to change before
> wheezy.

I agree. I think this should be a feature request for upstream but is
nothing someone can change in Debian.

[snip]

> > For example Ubuntu players are playing with version 0.8.5 at the moment
> > and my Debian server is running 0.8.8. If cl_allowDownload was
> > permanently disabled all players which run an older version wouldn't be
> > able to join my server although they only had to download the
> > pak6-patch088.pk3.
> 
> As far as I can see, my proposal would not break this. Auto-downloading is
> possible if the server has sv_allowDownload true and the client has
> cl_allowDownload true: my proposal was to knock out cl_allowDownload, but
> leave sv_allowDownload working. Older clients could still download your
> pak6-patch088.pk3, but Debian clients on a future 0.9.0 server would not
> auto-download.

True. I already had future clients in mind. I wanted to express that, if
we had had a similar situation like today, then the players would have been
unable to download the pk3 file.

[snip]
 
>          /  Auto-download?  \
>          \     YES/NO       /
> 
>     WARNING: this is a security risk.
>     More information: <http://deb.li/Q3DL>
> 
> I've uploaded 0.8.8-7 to experimental with this change. If you (for
> plural values of "you") can improve on this UI or the wording on the
> referenced wiki page, please do!

I took the liberty to download the experimental version and I think the
solution is good. The only thing I noticed was that if cl_allowDownload
was already set to 1 the warning wouldn't be visible, no matter how many
times you switch between enabled and disabled. You have to restart
OpenArena with auto-downloading set to 0 first and then the warning
appears every time you switch between 0 and 1. Anyway, I guess it's not a big
deal because the warning is meant for new players.

The wiki page entry was to the point. I added a German translation, too.

Regards
Markus
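
Added example, not part of the original message and not ioquake3 or Debian code: the thread notes that an auto-downloaded PK3 cannot be flagged as "not to be searched for QVMs", so this sketch audits PK3s already on disk and reports which ones carry QVM bytecode. It assumes a PK3 is a ZIP archive with QVMs stored as vm/*.qvm; the function names and the sample archives are constructed for illustration.

```python
import io
import pathlib
import zipfile


def qvm_entries(pk3):
    """Return archive member names that look like QVM bytecode (vm/*.qvm).

    pk3 is a path or a binary file object. Names are compared
    case-insensitively and with backslashes normalised, a conservative
    choice made here so that odd spellings are flagged rather than missed.
    """
    found = []
    with zipfile.ZipFile(pk3) as zf:
        for name in zf.namelist():
            norm = name.replace("\\", "/").lower()
            if norm.startswith("vm/") and norm.endswith(".qvm"):
                found.append(name)
    return found


def classify(pk3):
    """Label one PK3 as 'executable', 'data-only' or 'invalid'."""
    try:
        return "executable" if qvm_entries(pk3) else "data-only"
    except zipfile.BadZipFile:
        return "invalid"


def scan(directory):
    """Classify every *.pk3 directly inside a directory."""
    return {p.name: classify(p) for p in sorted(pathlib.Path(directory).glob("*.pk3"))}


def _make_pk3(members):
    """Build an in-memory PK3 from {member name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf


# Constructed samples: a map-only archive and one that ships QVMs.
MAP_PK3 = _make_pk3({"maps/example.bsp": b"constructed", "textures/wall.tga": b"x"})
MOD_PK3 = _make_pk3({"vm/cgame.qvm": b"constructed", "VM/UI.QVM": b"constructed"})

if __name__ == "__main__":
    for label, pk3 in (("map", MAP_PK3), ("mod", MOD_PK3)):
        print(label, classify(pk3), qvm_entries(pk3))
```

Calling `scan()` on a directory of previously downloaded PK3s gives a quick list of the archives that would supply executable content.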