[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNOME 3.34 in GNU Guix and security

From: Ricardo Wurmus
Subject: Re: GNOME 3.34 in GNU Guix and security
Date: Thu, 11 Mar 2021 09:08:54 +0100
User-agent: mu4e 1.4.14; emacs 27.1

Léo Le Bouter <> writes:

> I must come to the conclusion that using GNOME 3.34 in GNU Guix right
> now is just straight out insecure. I would advise we either, get rid of
> GNOME, backport all individual security patches (they can be
> numerous..), or upgrade GNOME to latest and keep up over time.
> I don't think we can afford to spend time backporting security fixes to
> the numerous GNOME packages with CVEs, not with current resources, it
> is time-consuming.

No, GNOME should be upgraded.  I upgraded it twice in the past, and it’s
a lot of work, but certainly not impossible.

I don’t know if anyone is working on it right now, though.  I was told
months ago that Raghav Gururajan was working on GNOME upgrades as part
of the wip-desktop branch, but my occasional questions for a status
upgrade have gone unanswered.  Raghav, please correct me if I’m
mistaken.  It would be good to clarify what is and isn’t the scope of

We™ should upgrade GNOME as soon as possible.  It’s been stuck on 3.34
for much too long.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]