Closed wontfix. According to the GNOME dev, unlocking your screensaver by pressing a joystick button is not a security issue.

Not just wontfix... with the proposed solution of

"the way to lock down programs from this sort of access is to use flatpak"

Bwawwwhhhaaaahhh

There is so much drama between Gnome and Wayland that if you spend any amount of time looking you will run out of popcorn.

I could understand a little bit if this were reported as a vulnerability in joystickwake, but it seems completely insane to think it could possibly be a vulnerability in GNOME. Code running as you can do things as you, news at 11.

No, it's completely insane that pressing a joystick button can remove the screen lock and this isn't seen as a security issue.

For example in Windows, the screen lock can't be removed without the user authenticating.

By default that would be insane, but if you install and run a program under your credentials to let it do that, that's not GNOME's fault. Also, Windows does let programs do that, via custom credential providers. See, e.g., https://learn.microsoft.com/en-us/archive/msdn-magazine/2007... and https://stackoverflow.com/a/35173886/7509065