Hi,
I'm putting Benjamin in copy as the author of
https://benjamin.sonntag.fr/How-to-lock-a-running-tails-with-a-password.
In this post Benjamin documents how to use gnome-screensaver to lock the
screen in Tails. Having a screen locker has been on our todo list for a
while (#5684) so I'd like to welcome any initiative going in this direction.
I tested Benjamin's instructions, which are pretty straightforward and
they work as expected on Tails 1.7. Then I tested them on Tails Jessie
and found out that:
- gnome-screensaver is already installed by default. I'm not sure
that's expected, so intrigeri should probably have a look. I search
for gnome-screensaver in Git but didn't find anything super
explicit about its addition.
- There's no need to run Benjamin's dconf command to be able to lock
the screen with Win+L.
In other words we already have a screen locker in Tails Jessie :)
... or at least for people who set up an administration password.
Because if people don't set up an administration password, then locking
the screen blanks it but it can be unlocked by pressing any key. This is
probably related to being able to unlock Ctrl-Alt-F terminals without
password on Tails Jessie, see #9408#note-1.
I actually prefer having no password than having "live" as a dummy
password as this makes it more explicit what's really going on.
So, here is my first question:
Is it safe to lock the screen this way in Tails? If it isn't then,
gnome-screensaver should be removed from Tails Jessie. Otherwise people
used to GNOME might use this feature as with their regular GNOME
environment.
My second question:
If gnome-screensaver remains in Tails Jessie, do we want to document
this (with all the due warnings for people without an administration
password) or do we think it will encourage people to set up an
administration password when they don't need to and we don't want to do
that?
And the third one:
If gnome-screensaver remains in Tails Jessie, are we OK with the current
UX for people with no password (blanking the screen but not locking it)?
Otherwise, shall we work on a workaround to disable gnome-screenlocker
for them?
Let me also remind you that our ultimate goal described in [1] is to be
able to ask for a screen locking password when there is none set. This
password should be only for unlocking the screen and shouldn't become a
sudo password as none was set in Tails Greeter. I'm just mentioning this
in case anybody get inspired...
[1]:
https://tails.boum.org/blueprint/screen_locker/