On Fri, 14. Sep 10:47 Simon McVittie <smcv@debian.org> wrote: [snip] > It's a pity there isn't a distinction between executable and non-executable > game content - if you could auto-download PK3s, but those PK3s were flagged > as "not to be searched for QVMs" somehow, then everything would be secure - > but there isn't, and realistically, this isn't going to change before > wheezy. I agree. I think this should be a feature request for upstream but is nothing someone can change in Debian. [snip] > > For example Ubuntu players are playing with version 0.8.5 at the moment > > and my Debian server is running 0.8.8. If cl_allowDownload was > > permanently disabled all players which run an older version wouldn't be > > able to join my server although they only had to download the > > pak6-patch088.pk3. > > As far as I can see, my proposal would not break this. Auto-downloading is > possible if the server has sv_allowDownload true and the client has > cl_allowDownload true: my proposal was to knock out cl_allowDownload, but > leave sv_allowDownload working. Older clients could still download your > pak6-patch088.pk3, but Debian clients on a future 0.9.0 server would not > auto-download. True. I already had future clients in mind. I wanted to express that, if we had had a similar situation like today, then the players would have been unable to download the pk3 file. [snip] > / Auto-download? \ > \ YES/NO / > > WARNING: this is a security risk. > More information: <http://deb.li/Q3DL> > > I've uploaded 0.8.8-7 to experimental with this change. If you (for > plural values of "you") can improve on this UI or the wording on the > referenced wiki page, please do! I took the liberty to download the experimental version and i think the solution is good. The only thing i noticed was, that if cl_allowDownload was already set to 1 the warning wouldn't be visible, no matter how many times you switch between enabled and disabled. You have to restart OpenArena with auto-downloading set to 0 first and then the warning appears every time you switch between 0 to 1. Anyway i guess it's not a big deal because the warning is meant for new players. The wiki page entry was to the point. I added a german translation, too. Regards Markus
Attachment:
signature.asc
Description: Digital signature