* GNOME 3.34 in GNU Guix and security
From: Léo Le Bouter @ 2021-03-11 3:19 UTC
To: guix-devel
Hello!
I must come to the conclusion that using GNOME 3.34 in GNU Guix right
now is just straight out insecure. I would advise we either, get rid of
GNOME, backport all individual security patches (they can be
numerous..), or upgrade GNOME to latest and keep up over time.
I don't think we can afford to spend time backporting security fixes to
the numerous GNOME packages with CVEs, not with current resources, it
is time-consuming.
Léo
* Re: GNOME 3.34 in GNU Guix and security
From: Ricardo Wurmus @ 2021-03-11 8:08 UTC
To: Léo Le Bouter; +Cc: guix-devel, Raghav Gururajan
Léo Le Bouter <lle-bout@zaclys.net> writes:
> I must come to the conclusion that using GNOME 3.34 in GNU Guix right
> now is just straight out insecure. I would advise we either, get rid of
> GNOME, backport all individual security patches (they can be
> numerous..), or upgrade GNOME to latest and keep up over time.
>
> I don't think we can afford to spend time backporting security fixes to
> the numerous GNOME packages with CVEs, not with current resources, it
> is time-consuming.
No, GNOME should be upgraded. I upgraded it twice in the past, and it’s
a lot of work, but certainly not impossible.
I don’t know if anyone is working on it right now, though. I was told
months ago that Raghav Gururajan was working on GNOME upgrades as part
of the wip-desktop branch, but my occasional questions for a status
upgrade have gone unanswered. Raghav, please correct me if I’m
mistaken. It would be good to clarify what is and isn’t the scope of
wip-desktop.
We™ should upgrade GNOME as soon as possible. It’s been stuck on 3.34
for much too long.
--
Ricardo
* Re: GNOME 3.34 in GNU Guix and security
From: Raghav Gururajan @ 2021-03-11 8:23 UTC
To: Ricardo Wurmus, Léo Le Bouter, Danny Milosavljevic; +Cc: guix-devel
Hi Ricardo!
> I don’t know if anyone is working on it right now, though. I was told
> months ago that Raghav Gururajan was working on GNOME upgrades as part
> of the wip-desktop branch, but my occasional questions for a status
> upgrade have gone unanswered. Raghav, please correct me if I’m
> mistaken. It would be good to clarify what is and isn’t the scope of
> wip-desktop.
wip-desktop consists of some upgrades, plus a lot of improvements to
gnome packages and its immediate dependencies. About 50% of them not
merged directly in master. When Danny and I were merging other 50% to
core-updates, core-updates were broken. So we tried to merge few commits
in master, which got reverted due to high re-builds. I was told by Danny
that we can only merge stuff when c-u is back to normal.
Since huge time has passed, we need to re-work some commits with
rebasing from master. This gonna require testing via huge re-builds.
Danny is working on setting-up a powerful system to do this work.
Let me speak to Danny and get back to you here. Due to the security
nature of this issue, I am willing to spend this month focusing on
GNOME/wip-desktop.
Regards,
RG.
* Re: GNOME 3.34 in GNU Guix and security
From: Ricardo Wurmus @ 2021-03-11 9:11 UTC
To: Raghav Gururajan; +Cc: guix-devel
Raghav Gururajan <rg@raghavgururajan.name> writes:
> Hi Ricardo!
>
>> I don’t know if anyone is working on it right now, though. I was told
>> months ago that Raghav Gururajan was working on GNOME upgrades as part
>> of the wip-desktop branch, but my occasional questions for a status
>> upgrade have gone unanswered. Raghav, please correct me if I’m
>> mistaken. It would be good to clarify what is and isn’t the scope of
>> wip-desktop.
>
> wip-desktop consists of some upgrades, plus a lot of improvements to
> gnome packages and its immediate dependencies. About 50% of them not
> merged directly in master. When Danny and I were merging other 50% to
> core-updates, core-updates were broken. So we tried to merge few
> commits in master, which got reverted due to high re-builds. I was
> told by Danny that we can only merge stuff when c-u is back to normal.
Thanks for the update!
> Since huge time has passed, we need to re-work some commits with
> rebasing from master. This gonna require testing via huge re-builds.
> Danny is working on setting-up a powerful system to do this work.
I think that ci.guix.gnu.org should be capable of building your branch.
> Let me speak to Danny and get back to you here. Due to the security
> nature of this issue, I am willing to spend this month focusing on
> GNOME/wip-desktop.
Excellent! Let me know if there’s anything I can do to assist.
--
Ricardo
* Re: GNOME 3.34 in GNU Guix and security
From: Raghav Gururajan @ 2021-03-11 9:17 UTC
To: Ricardo Wurmus; +Cc: Léo Le Bouter, Danny Milosavljevic, guix-devel
Hi Ricardo!
> Thanks for the update!
Also, the reason GNOME work got messed up is that, in wip-desktop, [1]
I was not just working on gnome packages, but also its dependencies. [2]
Work involved not just updates, but also improvements. This kinda
complicated the "update stuff" norm.
> I think that ci.guix.gnu.org should be capable of building your branch.
On a note, I have put more work on myself. When I was working on
wip-desktop, I made larger commits instead of 'one change per commit'.
So after a discussion, I was asked to split them into smaller chunks. So
I need to get #42958 out of the way.
> Excellent! Let me know if there’s anything I can do to assist.
Thanks! I will be sending new patch-set to #42958. I will let you know,
once I am done. It would be great if you could review and merge them to
core-updates or master.
Regards,
RG.
* Re: GNOME 3.34 in GNU Guix and security
From: Danny Milosavljevic @ 2021-03-18 21:32 UTC
Cc: Raghav Gururajan, guix-devel
Hello,
core-updates is still in a pretty bad state.
I'd be glad to merge Raghav's patches (which he already reworked to be current for core-updates!) to core-updates--but right now, Guix packages don't build BEFORE or after applying these patches to core-updates.
Please, let's do something about that.
A short summary of what is at least broken:
[(1) FTP with IPv6--or with the new patch, some other FTP that don't support EPSV (the latter is a server problem, but the former had been a bug in Guix). So I guess that one is fixed.]
(2) Source files have been in-place replaced upstream with a lot of packages (see my bug report about the topic). fldigi has such a problem but can just be updated. This is easy to see by just building without substitutes--and it doesn't do anyone any good for me to file individual bug reports for each and every one of those
(3) libusb-for-axoloti build failure (guix build axoloti-patcher-next)
(4) bug applying patches in sources unpacked from zip files (I just posted patch 47203 to guix-patches)
(5) download failed "https://bioconductor.org/packages/release/bioc/src/contrib/DelayedArray_0.16.1.tar.gz" 404 "Not Found"
That doesn't mean that those are the only problems. It means I got frustrated and stopped trying, lest I find more problems (which would be easy).
My current rebuild command for build-testing the first of Raghav's patches is (from guix refresh -l with some editing--because it didn't work without editing. Sigh):
./pre-inst-env guix build -K --no-substitutes foo2zjs docker localed jnettop raul libinstpatch hdup rdup connman rust-gobject-sys rust-gio rust-glib rust-gio-sys rust-gobject-sys rust-gio-sys rust-glib-sys rust-glib rust-glib-sys rust-gio rust-glib rust-gio 4store mdbtools ncdc american-fuzzy-lop sdcv duperemove libticalcs2 ecl-enchant imposm3 spatialite-tools poly2tri-c gnome-shell-extension-hide-app-icon gnome-shell-extension-topicons-redux tiramisu gnome-shell-extension-paperwm gnome-shell-extension-clipboard-indicator gnome-shell-extension-dash-to-dock gnome-shell-extension-dash-to-panel linkchecker fortune-mod rust-gdk-pixbuf-sys rust-gdk-pixbuf rust-gdk-pixbuf rust-gdk-pixbuf-sys rust-gdk-pixbuf rust-atk rust-atk-sys ddcutil irssi rspamd emacs-mu4e-jump-to-list emacs-mu4e-conversation emacs-helm-mu emacs-mu4e-patch mc bitlbee-discord fna mojoshader-cs glyr remid-lv2 nbd ocaml-lwt-log brlaser igt-gpu-tools pscircle ztoolkit rust-cairo-sys-rs rust-cairo-rs rust-cairo-rs rust-cairo-sys-rs rust-cairo-rs libratbag kaldi-gstreamer-server playerctl python2-pyatspi guile-charting xplanet rust-pango rust-pango-sys rust-pango rust-pango rust-pango-sys font-culmus font-fantasque-sans font-meera-inimai font-linuxlibertine fntsample plymouth python-pygraphviz python2-pygraphviz pynac makefile2graph sigrok-cli ibutils rust-andrew rust-smithay-clipboard mesa-opencl-icd picom rakarrack flamp flrig flwrap tigervnc-client dillo tuxpaint-config infamous-plugins sorcer non-sequencer non-timeline non-mixer alex4 virtualgl celestia tao slim chipmunk aseprite python2-mapnik perceptualdiff megacmd feh sxiv screenfetch ranger eureka git-open privoxy fluxbox xmenu idesk xnotify hsetroot python-django-sortedm2m python-django-simple-math-captcha python-django-override-storage python-django-contrib-comments python-easy-thumbnails python-django-assets python-django-auth-ldap python-django-url-filter python-django-netfields python-django-contact-form python-django-logging-json 
python-django-rq python-django-debug-toolbar-alchemy patchwork python-django-statici18n font-cozette freedoom mcomix conda visidata gajim-omemo python2-ledgerblue nototools python2-anaconda-client python2-reportlab python2-qrcode libfreenect-examples perl-opengl setbfree xfe gmsh extempore sherlock-lv2 zynaddsubfx dragonfly-reverb ninjas2 helm zam-plugins wolf-shaper patchmatrix wolf-spectrum maim xdriinfo glmark2 insight-toolkit insight-toolkit egl-wayland beignet intel-vaapi-driver libvdpau-va-gl mediasdk libva-utils vulkan-tools swayidle kanshi wlr-randr wl-clipboard wev foot wterm pass-otp pass-git-helper python2-xdo clipmenu libstdc++-doc libstdc++-doc python2-pydot darcs pdf2djvu osm2pgsql postgis netcdf-fortran python-netcdf4 nmoldyn domainfinder mes mes-rb5 python-anytree python2-dulwich python2-graphql-core python-ws4py python-locust python-pykka python-gipc python-pykafka uriparser libxmlplusplus pangomm emacs-w3m emacs-blimp emacs-gif-screencast emacs-image+ tango-icon-theme catimg chafa perl-catalyst-plugin-captcha ecl-ltk emacs-theme-magic skribilo solaar wla-dx keepalived python-symengine alacritty python-pylibmc python2-pylibmc rmlint libabigail python-cffi-documentation emacs-helm-notmuch notmuch-addrlookup-c patches neomutt muchsync afew mpd-mpc ncmpc python-cantools bpython python-robotframework-sshlibrary python-robotframework-lint python-falcon-cors python-git-review python-os-client-config websockify pwclient presentty python-mastodon-py python-databricks-cli twitchy poetry cwltool ledger-agent keepkey-agent sshoot python-translate-toolkit xandikos hangups python-mailman-hyperkitty poezio python-celery alot magic-wormhole docker-compose silkaj python-flask-restplus python-pytest-check-links python-flasgger python-swagger-spec-validator emacs-python-black rtv tuir python-django-taggit emacs-py-isort postorius vdirsyncer python-libcst python-dictdiffer python-orator python-flask-restx python-minio python-hyperkitty python-transient 
python-behave-web-api jrnl python-pytest-virtualenv python-swiftclient knot-resolver python-sphinx-intl python-sphinx-cloud-sptheme python-guzzle-sphinx-theme mdpo khal python-nbsphinx casync certbot python-daemux varnish-modules csvkit dex python2-faker python2-service-identity python2-swagger-spec-validator python2-pika python2-carbon python2-celery python2-sphinx-repoze-autointerface python2-guzzle-sphinx-theme python2-sphinx-cloud-sptheme python2-sphinxcontrib-programoutput paps kmscon ecl-mcclim tectonic guile2.2-charting ghc-chart-cairo grim slurp libgdiplus gromacs pocl slurm slurm slurm openmpi-thread-multiple spindle fftw-openmpi intel-mpi-benchmarks codingquarry raxml pardre bless elpa-openmpi superlu-dist dune-alugrid-openmpi slepc-complex-openmpi netcdf-parallel-openmpi dune-subgrid-openmpi elemental dune-pdelab-openmpi python-pyopencl mpich slurm-drmaa hwloc vl1-emulator bchoppr x42-plugins regrader yoshimi bjumblr bshapr surge-synth fogpad bschaffl dpf-plugins avldrums-lv2 geonkick spectacle-analyzer shiru-lv2 lsp-plugins bsequencer artyfx i3lock-color python2-i3-py quickswitch-i3 swaylock mako i3lock i3-gaps bemenu pdf2svg pdfgrep python-pdftotext xapers yubico-piv-tool texlive texlive-l3build texlive-luaotfload texlive-latex-supertabular texlive-latex-blindtext texlive-mflogo texlive-latex-gcite dot2tex texlive-latex-dinbrief texlive-wasysym texlive-fontspec texlive-latex-acronym texlive-latex-galois texlive-latex-draftwatermark texlive-latex-acmart texlive-beamer texlive-marginnote texlive-latex-g-brief texlive-generic-babel-german texlive-todonotes texlive-latex-polyglossia texlive-latex-xmpincl texlive-pdfx texlive-pstool texlive-latex-amsrefs texlive-latex-changepage velvet fastcap guile-cv chez-scmutils chez-fmt chez-irregex chez-sockets loko-scheme hypre emacs-mit-scheme-doc dealii-openmpi cl-slynk cl-mk-string-metrics cl-s-xml-rpc cl-ltk cl-repl-utilities cl-exponential-backoff cl-geco cl-log cl-portable-threads cl-trivial-timeout cl-clesh 
cl-clawk cl-printv cl-napa-fft3 cl-cluffer cl-contextl cl-strings cl-unix-opts cl-bordeaux-fft cl-hu.dwim.defclass-star cl-make-hash cl-glyphs cl-maidenhead cl-olc cl-mgrs cl-abnf cl-ixf cl-trivial-benchmark cl-sycamore cl-inflector cl-hu.dwim.common cl-1am cl-envy cl-db3 emacs-sly-stepper cl-qbase64 cl-ascii-table cl-3b-bmfont cl-clamp cl-xmls cl-graph cl-mustache cl-moptilities cl-project cl-coroutine cl-str cl-lquery cl-z85 cl-css cl-livesupport cl-simple-parallel-tasks cl-queues cl-enchant cl-hdf5-cffi cl-magicffi cl-zstd cl-claw-utils cl-autowrap cl-archive cl-deeds cl-supertrace cl-progress-bar cl-find-port cl-prevalence cl-trivial-clipboard cl-markup cl-bst cl-fset cl-origin cl-numcl cl-slug cl-mssql cl-py-configparser cl-nodgui cl-green-threads cl-qrencode cl-base32 ecl-caveman cl-string-match cl-markdown cl-ledger snap cl-uglify-js cl-varjo cl-generic-cl sbcl-clsql cl-clsql cl-quicksearch cl-zs3 cl-prometheus cl-trivial-download cl-ana cl-hooks cl-py4cl cl-burgled-batteries3 cl-datafly cl-mito cl-caveman cl-calispel cl-cmd cl-rdkafka cl-lzlib cl-simple-neural-network cl-clml cl-random-forest cl-dbus cl-common-lisp-jupyter cl-mcclim cl-clx-xembed cl-clx-truetype cl-stumpwm cl-ppath cl-gtwiwtg cl-qmynd pgloader sbcl-stumpwm-net sbcl-stumpwm-kbd-layouts sbcl-stumpwm-globalwindows sbcl-stumpwm-mem stumpwm-with-slynk sbcl-stumpwm-ttf-fonts sbcl-stumpwm-wifi sbcl-stumpwm-swm-gaps sbcl-stumpwm-pass sbcl-stumpwm-winner-mode sbcl-stumpwm-screenshot sbcl-stumpwm-cpu sbcl-stumpwm-stumptray sbcl-stumpwm-numpad-layouts python-pypandoc gp2c eclib cm cmh python-fpylll python-cypari2 python2-cypari2 discrover r-sigpathway r-iclusterplus r-deds r-gagedata r-widgettools r-arrmnormalization r-bhc r-dirichletmultinomial rsem r-annotationtools r-affycomp r-bioccasestudies r-centipede r-affycontam r-ouch r-tinytest r-catdap r-udunits2 r-rismed r-svmisc r-rmpi r-abc-rap r-abf2 r-wesanderson r-acd r-nbclust r-entropy r-hwde r-zeallot r-tdthap r-laplacesdemon r-httpcode r-rcdd 
r-adgoftest r-acclma r-fmsb r-algdesign r-zseq r-rmpfr r-ctc r-bootstrap r-acnr r-aca r-adagio r-actuar r-adapsamp r-idr r-rots r-ecp r-xyz r-rcpproll r-abcoptim r-scrypt r-protviz r-fst r-bqtl r-dtw r-untb r-boa r-acceptances
ampling r-xmisc r-brglm r-rda r-aspi r-clisymbols r-parmigene r-mcmc r-aggregation r-highlight r-als r-abcrlda r-stabledist r-infotheo r-rsofia r-txtplot r-overlap r-tractor-base r-acopula r-vbsr r-accrued r-pdist r-npsurv r-ksamples r-abps r-blockfest r-survivalroc r-stepwise r-abundant r-rmeta r-abe r-aws r-bindrcpp r-r2html r-hapassoc r-mapproj r-dyn r-dcv r-acss r-strucchange r-performanceanalytics r-acp r-geosphere r-acepack r-noiseq r-tea r-softimpute r-arules r-acrt r-boruta r-triform r-perfmeas r-abcadm r-nabor r-drimpute r-dimred r-forge r-tgstat r-activpalprocessing r-trimcluster r-biased-urn r-zyp r-pastecs r-energy r-acrm r-biodist r-bgmix r-tgconfig r-abcanalysis r-orddom r-diversitree r-birewire r-ggm r-phangorn r-diffusionmap r-bdgraph r-influencer r-rbiofabric r-colorout r-birta r-adaptivesparsity r-abnormality r-zim r-grouped r-flare r-abcp2 r-acfmperiod r-acousticndlcoder r-acm4r r-bisquerna r-activedriver r-acswr r-acet r-sampling r-huge r-ppcor r-ddalpha r-codedepends r-grimport2 r-sparql r-acmer r-mvabund r-raremetals2 r-activity r-snp-plotter r-clusteval r-snpmaxsel r-asd r-tam r-catterplots r-d3network r-semtools r-lassopv r-lpme r-biggr r-ace2fastq r-bibtex r-snakecase r-latex2exp r-ebarrays r-acrosstic r-abodoutlier r-heatplus r-htscluster r-affycompatible r-bgx r-debugme r-sdmtools r-r-devices r-r-huge r-r-filesets r-cobs r-fail r-fhtest r-ldheatmap r-accrual r-irtoys r-metap r-penalized r-coin r r-microbenchmark r-bigmemoryextras r-rbowtie2 r-hpar r-ihw r-genie3 r-dnabarcodes r-wrench r-flowutils r-genomationdata r-copynumber r-bifet r-scde r-qdnaseq r-riboseqr r-hitc r-ideoviz r-ripseeker r-coverageview r-grohmm r-bsgenome-dmelanogaster-ucsc-dm6 r-bsgenome-celegans-ucsc-ce6 r-bsgenome-celegans-ucsc-ce10 r-bsgenome-mmusculus-ucsc-mm10 r-bsgenome-hsapiens-ucsc-hg38 r-motiv r-bsgenome-hsapiens-ncbi-grch38 r-activedriverwgs r-chipcomp r-bsgenome-dmelanogaster-ucsc-dm3-masked r-bsgenome-hsapiens-ucsc-hg19-masked r-deconstructsigs 
r-snplocs-hsapiens-dbsnp144-grch37 r-bsgenome-mmusculus-ucsc-mm9-masked r-motifrg r-demultiplex r-transphylo r-mboost r-nonnest2 r-spatialextremes r-rgdal r-picante r-crochet r-restrserve r-assertive r-calculus arriba r-erm r-pwr r-collapsibletree r-r4rna r-config r-acebayes r-stam r-rgexf r-directlabels r-argparse r-absim r-rgreat r-rpostgresql jamm r-msir r-flowmeans r-tclust r-topicmodels r-wordcloud r-spelling r-remoter r-blme r-altmeta r-glmmtmb r-abn r-parsedate ribotaper r-abcrf r-sgloptim r-unifiedwmwqpcr r-reordercluster r-activitycounts r-adapenetclass r-acuityview r-reinforcelearn r-sloop r-tidytree r-msigdbr r-tidytext r-oenb r-zvcv r-assertr r-tidypredict r-summarytools r-biobroom r-accelmissing r-abjutils r-styler r-kmer r-keyring r-bioccheck r-acs r-rxnat r-oai r-abbyyr r-europepmc r-cgdsr r-rentrez r-rselenium r-googlesheets r-rticles r-kableextra r-pkgdown r-acmeeqtl r-biocworkflowtools r-knitrbootstrap r-mitml emacs-ess r-savr r-bacon r-m3c r-anota r-nbpseq r-zfpkm roary r-xcms r-psiplot r-ggfortify r-dlmap r-ztype r-enrichr r-useful r-statcheck r-abhgenotyper r-ggpmisc r-acsnminer r-dae r-fastshap r-spectrum r-forecast r-actigraphy r-ggmap r-progeny r-biosigner r-acdm r-lemon r-tidymodels r-hrbrthemes r-valr r-ggplotify r-actogrammr r-dalex r-ggjoy r-wiggleplotr r-pcatools r-harmony r-fivethirtyeight r-depecher r-snapatac r-clustree r-accsda r-adaptalint r-chemometricswithr r-activpal r-activepathways r-fithic r-yamss r-mast r-copywriter r-assertable r-bedr r-parcor r-ac3net r-abemus r-activityindex r-flexsurv r-spacyr r-iml r-stm r-mlr3learners r-mlr3tuning r-xkcd r-weights r-abctools r-haplo-stats r-scdd r-acid r-adabag r-accept r-variancepartition r-factoextra r-analytics r-r2glmm r-moonbook r-catalyst r-rastervis r-destiny r-sjplot r-survminer r-actfrag r-abacus r-learnr r-actcd r-sankeyd3 r-tablerdash r-abcdefba r-adamethods r-vdiffr r-abtest r-abstractr r-citr r-shapforxgboost r-radiant-data r-shinyjqui r-hierfstat r-rmetasim r-bigpint 
r-aasea r-brms r-tidyposterior r-a3 r-semplot r-abseqr r-linnorm r-abd r-goplot r-iheatmapr r-ioniser r-velocyto ngless r-biocpkgtools r-org-eck12-eg-db r-abaenrichment r-biocset r-org-dr-eg-db r-org-ce-eg-db r-org-mm-eg-db r-annotationfuncs r-biocgraph r-org-dm-eg-db r-pathview r-cistopic r-biocor r-bicare r-seqgl r-webbioc r-reactomepa r-clusterprofiler r-phastcons100way-ucsc-hg19 r-msnid r-mlinterfaces r-yaqcaffy r-timeseriesexperiment r-xbseq tetoolkit r-absfiltergsea r-sva r-sushi r-wavetiling r-pasilla r-gage r-bseqsc r-topgo r-illuminahumanmethylationepicmanifest r-yarn r-bioconcotk r-goseq r-txdb-mmusculus-ucsc-mm10-knowngene r-txdb-celegans-ucsc-ce6-ensgene r-annotatr r-inspect r-wavcluster r-bigmelon r-txdb-hsapiens-ucsc-hg38-knowngene r-atacseqqc r-scone rcas-web r-circus r-gwascat r-varianttools r-karyoploter r-yapsa r-fourcseq r-affycoretools r-cicero-monocle3 r-motifbreakr r-variantfiltering r-genomicinteractions r-allelicimbalance r-cummerbund r-cicero r-chipexoqual r-mutationalpatterns r-rqc r-quasr r-ldblock r-rbamtools r-riboprofiling r-acc r-adapr r-qtl2 r-gqtlstats r-a4 r-gkmsvm r-icobra r-soupx teximpatient fontconfig guix-data-service ganeti-instance-debootstrap kicad-doc cuirass emacs-guix guix-build-coordinator gwl hpcguix-web guile2.2-guix ikiwiki ghc-easyplot ghc-gnuplot ocrodjvu blktrace shogun openfoam mia unison extractpdfmark texlive-base fgallery cups-pk-helper megatools grub-efi grub-hybrid ganeti-instance-guix ganeti xen vlang goaccess herbstluftwm redshift-wayland emacs-ewmctrl i3lock-fancy xss-lock keynav python2-htseq pyicoteo python2-checkm-genome gess couger grit pbtranscript-tofu miso pepr python2-ipywidgets python2-jupyter-console python2-matplotlib-documentation python2-ipyparallel python2-ipython-cluster-helper python2-numpy-documentation python2-shapely dbus-cxx liquidsfz mpdris2 jack-select python-notify2 pulseaudio-dlna kbdd libjcat zplugins r-bioassayr r-diffbind emacs-exwm-no-x-toolkit fvwm guile-present 
guile2.2-present gnaural calf fluidsynth ir dvdisaster fbreader gtkwave xboard eboard gkrellm gnome-commander gnurobots celestia-gtk gnubik gpa wmfire lv2-mda-epiano lv2-mda-piano azr3 pcb2gcode seq24 tegaki-wagomu-japanese-kyoiku tegaki-zinnia-simplified-chinese-light tegaki-zinnia-japanese-joyo tegaki-zinnia-simplified-chinese tegaki-wagomu-japanese-joyo tegaki-wagomu-traditional-chinese tegaki-zinnia-traditional-chinese tegaki-zinnia-japanese-light tegaki-zinnia-traditional-chinese-light tegaki-zinnia-japanese-kyoiku tegaki-wagomu-japanese tegaki-wagomu-simplified-chinese tegaki-zinnia-japanese python2-tegaki-recognize gtklick gourmet chirp virtaal wicd clipit murrine matcha-theme patchage screentest viewnior gpick mtpaint usbguard libraqm cl-gobject-introspection ecl-cl-gobject-introspection gtx gst123 mcabber freetalk pam-u2f hackneyed-x11-cursors minced sra-tools r-reqon r-liger openni2 java-pep-adapter drip kawa liblouisutdml ruby-atoulme-antwrap java-w3c-svg java-w3c-svg java-w3c-sac clojure-algo-generic clojure-core-match clojure-instaparse clojure-algo-monads clojure-tools-cli translate2geda java-jblas java-ecj java-osgi-service-jdbc java-jakarta-regexp f-seq java-commons-exec java-jmh java-commons-cli java-jline java-commons-exec java-fasterxml-jackson-modules-base-mrbean antlr4 java-jgit abcl hdf-java java-osgi-service-cm bbmap java-eclipse-team-core java-osgi-service-resolver java-httpcomponents-httpcore-ab java-httpcomponents-httpcore-nio java-httpcomponents-httpmime java-htsjdk java-picard java-biojava-alignment java-surefire-junit4 tuxguitar emacs-plantuml-mode java-tomcat josm java-eclipse-jetty-webapp java-xmlgraphics-commons maven-shared-utils maven-compiler-plugin maven-surefire-plugin maven-resources-plugin maven-enforcer-plugin maven-jar-plugin maven-install-plugin dropseq-tools java-jaxen maven axoloti-patcher lxinput gx-slow-gear-lv2 foo-yc20 gx-saturator-lv2 ams-lv2 gx-vbass-preamp-lv2 jack-keyboard jack-capture amsynth whysynth fpm2 
xournal inxi xsensors collectd sawfish xsane nitrogen xnee xdialog guile2.2-picture-language nip2 imv pinentry-rofi rofi-pass tint2 jgmenu libcloudproviders fprintd pinentry-tty pinentry-emacs pass-tomb pinentry-gtk2 msmtp vala-lan
guage-server libgrss phodav python2-nbxmpp skopeo msitools chezmoi wpewebkit bluez-alsa emacs-bluetooth tlp csound cava libsoundio darkice xmp wildmidi opensurge marble-marcher extremetuxracer mars allegro minetest cli-visualizer conky emacs-pulseaudio-control praat libcanberra-gtk2 cl-radiance ecl-radiance pulsemixer ponymix noisetorch pamixer fldigi multimon-ng gens-gs dosbox desmume gzochi pipewalker azimuth povray libvisual-plugins schismtracker kobodeluxe armagetronad ghc-sdl-image ri-li freegish chromium-bsu foobillard++ prboom-plus burgerspace kiki knights meritous abe ltris gcompris bennu-game-development-modules pinball pingus gnujump odamex barrage adanaxisgpl ghc-sdl-mixer freedroidrpg tuxmath grafx2 xmoto manaplus enigma slimevolley tuxpaint 4dtris hyperrogue tennix einstein chroma fillets-ng lush2 btanks spatialite-gui brltty libtgvoip polybar i3status giac lierolibre cdemu-client mpc123 ecasound abcde asunder ripit emacs-org-emms emacs-helm-emms emacs-emms-mode-line-cycle ripperx orpheus thermald wmbattery qjackrcd confclerk avogadro2 cvassistant fet qtmips inspekt3d heimdall uefitool pokerth leela-zero pinentry-qt modemmanager-qt bluez-qt kapidox kimageformats qlogo mcrl2 powertabeditor libcamera scorep-openmpi pumpa qtserialbus wpa-supplicant-gui librecad cutter fritzing qpdfview robocut qtpurchasing qtremoteobjects qtwebview materialdecoration pencil2d tipp10 q5go papagayo qsynth qjackctl alsa-modular-synth qbittorrent cmst sddm emacs-djvu pulseview librepcb bitcoin-abc monero-gui flowee fulcrum bitcoin-core bitcoin-unlimited tiled chessx the-butterfly-effect xygrib gpxsee brdf-explorer scantailor-advanced itk-snap flameshot leocad lxqt-archiver speedcrunch xaos nheko quaternion qmidiroute drumkv1 muse-sequencer samplv1 hydrogen padthv1 sonivox-eas fmit synthv1 qmidiarp vmpk rosegarden wireshark qtpass keepassxc photoflare qtspell libqglviewer qtcolorwidgets stellarium meshlab quassel kjsembed poxml dotherside cockatrice qtwebglplugin 
fcitx5-chinese-addons luminance-hdr hplip toutenclic trezor-agent electron-cash veusz frescobaldi flyer-composer asymptote pyzo offlate openmolar manuskript onionshare python-pyqt-without-qtwebkit qview drawpile wsjtx js8call scribus owncloud-client qsyncthingtray synergy mumble twinkle cool-retro-term texmaker lyx texmacs libde265 avidemux mkvtoolnix libdc1394 qsstv kristall qjson copyq uim-qt poppler-qt4 pybitmessage squeak-vm spice-vdagent autofs python2-libvirt tigervnc-server xssproxy axoloti-patcher-next lua5.1-lgi awesome lua5.2-lgi key-mon guile-sly numlockx xf86-video-qxl xf86-video-i128 xf86-video-trident xf86-video-glint xf86-video-vesa xf86-video-mach64 xf86-video-suncg6 xf86-video-tdfx xf86-video-tga xf86-video-openchrome xf86-video-neomagic xf86-video-voodoo xf86-input-synaptics xf86-video-sis xf86-video-fbdev xf86-video-nv xf86-video-sunffb xf86-video-cirrus xf86-video-vmware xf86-video-freedreno xf86-video-nouveau xf86-input-joystick xf86-input-void xf86-video-ast xf86-video-ark xf86-input-evdev xf86-video-amdgpu xf86-video-savage xf86-video-mga xf86-video-geode xf86-video-intel xf86-video-r128 xf86-video-siliconmotion xf86-video-ati gtkd gcompris-qt qucs-s pcb-rnd geda-gaf openscad parcimonie beast gobby ingen qtractor snd lv2toweb jalv-select deluge transmission cinnamon-desktop rust-gdk-sys rust-gtk rust-pangocairo-sys rust-gdk rust-gdk-sys rust-gtk-sys rust-pangocairo rust-gdk rust-pangocairo scanmem mdk klavaro guile-emacs emacs-next eless emacs-origami-el emacs-ag emacs-elmacro emacs-spaceline-next emacs-dart-mode emacs-deadgrep emacs-amx emacs-helm-org-contacts emacs-frames-only-mode emacs-html-to-hiccup emacs-refactor emacs-github-review emacs-tagedit emacs-psc-ide emacs-boon emacs-org-contrib emacs-helm-cider emacs-lispyville emacs-lpy emacs-evil-collection emacs-org-web-tools emacs-robot-mode emacs-auto-sudoedit emacs-prodigy-el emacs-minitest emacs-helm-pass emacs-ivy-pass emacs-pass emacs-company-lua emacs-magit-todos emacs-shroud 
emacs-ob-ipython emacs-ivy-clipmenu emacs-elm-mode emacs-docker-compose-mode emacs-typit emacs-zerodark-theme emacs-dockerfile-mode emacs-org-drill-table emacs-ido-ubiquitous emacs-company-reftex emacs-literate-calc-mode emacs-execline emacs-yasnippet-snippets emacs-rg emacs-unpackaged-el emacs-counsel-notmuch emacs-helm-lsp emacs-ccls emacs-lsp-lua-emmy emacs-company-lsp emacs-lsp-ui emacs-lsp-ivy emacs-org-generate emacs-org2web emacs-academic-phrases emacs-treemacs-extra emacs-mu4e-alert emacs-org-sidebar emacs-ox-pandoc emacs-docker emacs-nix-mode emacs-ws-butler emacs-browse-at-remote emacs-org-roam-bibtex emacs-repo emacs-skeletor emacs-evil-multiedit emacs-doom-themes emacs-ample-regexps emacs-helm-company emacs-dumb-jump emacs-evil-exchange emacs-string-inflection emacs-equake emacs-suggest emacs-counsel-dash emacs-helm-dash emacs-md4rd emacs-helm-slack emacs-lsp-java emacs-rocket-chat emacs-org-jira emacs-4clojure emacs-tldr emacs-anki-editor emacs-webpaste emacs-edbi-sqlite emacs-company-jedi emacs-zotxt emacs-pubmed emacs-butler emacs-helm-org-rifle emacs-attrap emacs-dired-rsync emacs-dante emacs-tide emacs-hy-mode emacs-helpful emacs-simple-mpc emacs-jenkinsfile-mode emacs-chronometrist emacs-evil-mc emacs-js2-refactor-el emacs-elfeed-org emacs-org-trello emacs-elpy emacs-standard-dirs emacs-matrix-client emacs-major-mode-hydra emacs-org-make-toc emacs-pyim emacs-rime emacs-ivy-posframe emacs-frog-jump-buffer emacs-company-posframe emacs-flycheck-grammalecte emacspeak emacs-tramp emacs-sudo-edit emacs-racer emacs-racket-mode emacs-company-quickhelp emacs-company-auctex emacs-cdlatex emacs-org-edit-latex emacs-picpocket emacs-exwm-edit emacs-exwm-x emacs-helm-exwm guile-studio emacs-mew hop emacs-wide-int presage fcitx-configtool fcitx5-gtk homebank fontmanager sfxr freeciv pioneers gnome-chess dia libxmlb papirus-icon-theme materia-theme greybird-gtk-theme florence cbatticon uget linuxdcpp dunst udiskie profanity toxic libgovirt grisbi malcontent 
gnome-sudoku gnome-dictionary goffice zeitgeist notification-daemon libdmapsharing gtg xarchiver krb5-auth-dialog gnome-mahjongg d-feet soundconverter gdl komikku markets passwordsafe dconf-editor glimpse openttd gimp-fourier gimp-resynthesizer five-or-more network-manager-openconnect network-manager-openvpn gnome-klotski seahorse network-manager-vpnc terminator sakura tilda deja-dup gthumb abiword byzanz piper authenticator bluefish eog-plugins glabels gobby gpsd gpscorrelate goxel nextpnr-ice40 arachne-pnr gamine pidgin-otr purple-mattermost telegram-purple bitlbee-purple beets-bandcamp beets-next guitarix-lv2 guitarix gparted gnote workrave tascam-gtk paprefs dnssec-trigger lepton-eda gramps sylpheed volumeicon gpredict gxmessage rage terminology econnman epour ephoto evisum lekha edi pinentry-efl ibus-rime ibus-anthy ibus-libhangul ibus-libpinyin libopenmpt genimage bsnes mednafen nestopia-ue emulation-station higan sameboy mupen64plus-video-z64 mupen64plus-video-arachnoid mupen64plus-rsp-z64 mupen64plus-ui-console mrrescue dhewm3 ioquake3 libtcod vkquake openclonk supertuxkart quakespasm lugaru 7kaa endless-sky fizmo openrct2 wesnoth-server astromenace freeorion stepmania bzflag warzone2100 paperview xonotic gzdoom yamagi-quake2 mrg mygui milkytracker qtgamepad aseba neverball ufoai easyrpg-player augustus frotz-sdl taisei julius tesseract-engine colobot wesnoth abbaye red-eclipse pioneer tome4 widelands trigger-rally flare-game freedink meandmyshadow edgar solarus-quest-editor python2-kivy python-kivy gource supertux teeworlds unknown-horizons crawl-tiles cdogs-sdl starfighter cataclysm-dda raincat guile-chickadee tsukundere sdl2-cs guile-sdl2 jumpnbump lure-it lure-es lure-de lure-fr queen-fr queen-de sky queen lure queen-it drascula blobwars crispy-doom chocolate-doom gnash libvideogfx ccextractor moc ardour bs1770gain lmms reprotest emacs-telega ppsspp dolphin-emu pcsxr mgba retroarch renpy warsow-qfusion hedgewars corsix-th gnunet-gtk guile-gnunet blender 
openscenegraph flightgear directfb openmw blender cozy rapid-photo-downloader kodi linphoneqt mssilk msopenh264 mswebrtc msamr ungoogled-chromium-wayland xdg-desktop-portal-gtk alsa-plugins qtox clementine picard cantata
mpd demlo pianobar audacious cmus emacs-ob-sclang zeal qmapshack emacs-calibredb ghostwriter qutebrowser kiwix-desktop readymedia obs-wlrobs obs-spectralizer mplayer synfigstudio emacs-ytdl emacs-youtube-dl gpodder instantmusic kodi-cli youtube-viewer straw-viewer wlstream motion vapoursynth simplescreenrecorder anki curseradio mpv-mpris wf-recorder xarcan arcan-wayland arcan-sdl gnome-arcade openshot you-get transcode ffmpeg omnitux childsplay slingshot impressive retux bambam roguebox-adventures seahorse-adventures frozen-bubble theorafile looking-glass-client wine64 geeqie mypaint inklingreader inkscape srain gnubg quadrapassel gnome-multi-writer linsmith gnome-planner ocaml4.07-expect ocaml4.07-merlin bap laby emacs-tuareg ocaml-xmlm ocaml-markup ocaml-craml ocaml-jsonm ocaml-tsdl ocaml-down ocaml-stringext ocaml-batteries ocaml-base64 ocaml-hex ocaml-merlin ocaml-ocb-stubblr ocaml-lwt-react ocaml-reactivedata gsegrafix guile-gnome aisleriot sound-juicer icedove-wayland geierlein icedove python-pycanberra claws-mail hexchat pavucontrol kitty unoconv gmtp pan notifymuch tootle aris qalculate-gtk dino utox mcg sonata pragha gxtuner solfege musescore blueman nicotine+ sideload pantheon-calculator assword xournalpp pdfarranger pdfpc entangle rawtherapee darktable polkit-gnome pasystray python2-cairocffi python-dogtail graphite-web freecad python-faiss python-pytest-mpl variant-tools lightgbm python-scikit-fuzzy python-pydub nanovna-saver python-baycomp python-git-hammer fdroidserver python-telethon electrum python-hypercorn python-sanic xeus python-onnx python-ipython-cluster-helper python-pari-jupyter r-irkernel guix-jupyter ruby-iruby python-numpy-documentation python-matplotlib-documentation python-matplotlib-venn python-shapely python-ipython-documentation fenics weasyprint xnec2c racket eid-mw vinagre virt-viewer syncthing-gtk blanket telegram-desktop termite scintilla geany xsnow tryton pitivi gaupol handbrake guvcview peek celluloid castor icedtea-web 
netsurf emacs-xwidgets emacs-next-pgtk gnome-mines easytag eolie r-pore superstarfighter arx-libertatis gnome-recipes rhythmbox gnome-music gnome-tweaks lxde spacefm gnome-photos memphis shotwell gnome-todo chatty lollypop evolution geary gnucash emacsy guile2.2-gi guile-gi jami nyxt cl-webkit ecl-cl-webkit astroid surf liferea luakit midori vimb dxvk wxwidgets-gtk2 golly sooperlooper amule aegisub djvusmooth didjvu youtube-dl-gui dvdstyler audacity boinc-client xchm elixir filezilla freedink-dfarc 0ad megaglest opencpn wxmaxima aria-maestosa pwsafe hugin poedit kicad qgis plover redshift arandr kodi-wayland waybar screen-message xscreensaver wofi catfish elementary-xfce-icon-theme xfce4-volumed-pulse xfce4-screensaver lightdm-gtk-greeter xfce4-whiskermenu-plugin xfce4-statusnotifier-plugin xfce4-mount-plugin xfce4-cpufreq-plugin xfce4-stopwatch-plugin orage xfce4-equake-plugin xfce4-verve-plugin xfce4-embed-plugin xfce4-mpc-plugin xfce4-notifyd xfce4-diskperf-plugin xfce4-mailwatch-plugin xfburn xfce4-time-out-plugin xfce4-weather-plugin xfce4-systemload-plugin xfce4-smartbookmark-plugin xfce4-netload-plugin xfce4-screenshooter xfce4-wavelan-plugin xfce4-genmon-plugin xfce4-cpugraph-plugin xfce4-timer-plugin xfce4-eyes-plugin xfce4-places-plugin xfce4-datetime-plugin xfce4-calculator-plugin xfce4-fsguard-plugin xfce xfce4-taskmanager xpra uim-gtk xpad gitg denemo coq-stdpp coq-gappa proof-general coq-interval coq-equations coq-autosubst meld rednotebook pspp mousepad setzer gnome-latex gnome-builder nomad zrythm virt-manager saga nomacs libfreenect-opencv qiv fcitx5-configtool kajongg kpmcore ksshaskpass kdesu qqc2-desktop-style ffmpegthumbs zeroconf-ioslave kcachegrind kamoso kxstitch kblog kwave ksystemlog sweeper kmag kmouth kronometer ktouch audiocd-kio k3b okteta kdf kdeconnect kmplayer choqok ksnakeduel kfourinline kigo kubrick kblocks picmi konquest kmahjongg kspaceduel bovo kbreakout palapeli kreversi kbounce knavalbattle kshisen kiriki ksquares kmines 
kgoldrunner killbots kollision kjumpingcube kdiamond ktuberling ksudoku ksirk knetwalk bomber kapman granatier kolf kblackbox lskat klines ktorrent krdc kget konversation juk kaffeine dragon kmix kopete kleopatra kaddressbook kdepim-runtime kmail akregator kgpg knotes korganizer kdenlive krfb yakuake dolphin-plugins khelpcenter kmousetool krusader rsibreak kate smb4k okular krita kdevelop lxqt-connman-applet screengrab lxqt elisa kscreenlocker zathura-pdf-mupdf zathura-cb zathura-pdf-poppler zathura-djvu zathura-ps python-biom-format pigx umi-tools cnvkit pplacer python-plastid python-deeptools nanopolish tadbit clipper python-velocyto tbsp python-bbknn python-opentsne python-scikit-rebate python-keras python-iml python-slurm-magic python-moto python-pysnptools python-language-server python-hicexplorer python-hic2cool python-pygenometracks python-scikit-image synapse python-feather-format python-plotly python-rpy2 fio python2-biom-format python2-plastid python2-pybedtools python2-plotly python2-partd python2-warpedlmm ribodiff python-scanpy poretools gqrx jucipp vim-full enlightenment weston numix-gtk-theme arc-theme gnome-shell-extension-gsconnect cagebreak sway polari gnome ghex parlatype gtranslator balsa mate-screensaver caja-extensions mate
Anyway--after that, I built with keep-going (-k) and the first patch seems OK otherwise (?).
But just to be clear, I'm not going to do this Rube Goldberg style test-and-edit-unrelated-files process every time I want to merge a patch to core-updates. Especially not now--I have bigger fish to fry.
If you can get core-updates into a state where stuff works before Raghav's patches, I can take care of merging Raghav's patches...
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: GNOME 3.34 in GNU Guix and security
2021-03-18 21:32 ` Danny Milosavljevic
@ 2021-03-19 0:10 ` Ricardo Wurmus
2021-03-19 9:13 ` Guillaume Le Vaillant
1 sibling, 0 replies; 11+ messages in thread
From: Ricardo Wurmus @ 2021-03-19 0:10 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: guix-devel, Raghav Gururajan
Hi Danny,
> (3) libusb-for-axoloti build failure (guix build axoloti-patcher-next)
This has been fixed in 1daedaa8646696783c88553e03035d547fd001ca.
> (5) download failed
> "https://bioconductor.org/packages/release/bioc/src/contrib/DelayedArray_0.16.1.tar.gz"
> 404 "Not Found"
This was fixed in f10f2745eb1ec38eae5c41323f31980d2dd1f38c.
(These are on the “master” branch.)
--
Ricardo
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: GNOME 3.34 in GNU Guix and security
2021-03-18 21:32 ` Danny Milosavljevic
2021-03-19 0:10 ` Ricardo Wurmus
@ 2021-03-19 9:13 ` Guillaume Le Vaillant
1 sibling, 0 replies; 11+ messages in thread
From: Guillaume Le Vaillant @ 2021-03-19 9:13 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: guix-devel, Raghav Gururajan
Danny Milosavljevic <dannym@scratchpost.org> writes:
> Hello,
>
> core-updates is still in a pretty bad state.
>
> [...]
>
> A short summary of what is at least broken:
>
> [...]
> (2) Source files have been in-place replaced upstream with a lot of packages (see my bug report about the topic). fldigi has such a problem but can just be updated. This is easy to see by just building without substitutes--and it doesn't do anyone any good for me to file individual bug reports for each and every one of those
> [...]
Concerning the disappearing source tarballs of older fldigi versions on
the official website, it has been fixed on master
(65e9f13116edc58836cdbd1da60bfb81a3d58c82), but core-updates hasn't
merged that in yet.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: GNOME 3.34 in GNU Guix and security
2021-03-11 8:08 ` Ricardo Wurmus
2021-03-11 8:23 ` Raghav Gururajan
@ 2021-03-11 8:24 ` Jonathan Brielmaier
1 sibling, 0 replies; 11+ messages in thread
From: Jonathan Brielmaier @ 2021-03-11 8:24 UTC (permalink / raw)
To: guix-devel
On 11.03.21 at 09:08, Ricardo Wurmus wrote:
>
> Léo Le Bouter <lle-bout@zaclys.net> writes:
>
>> I must come to the conclusion that using GNOME 3.34 in GNU Guix right
>> now is just straight out insecure. I would advise we either, get rid of
>> GNOME, backport all individual security patches (they can be
>> numerous..), or upgrade GNOME to latest and keep up over time.
>>
>> I don't think we can afford to spend time backporting security fixes to
>> the numerous GNOME packages with CVEs, not with current resources, it
>> is time-consuming.
>
> No, GNOME should be upgraded. I upgraded it twice in the past, and it’s
> a lot of work, but certainly not impossible.
>
> I don’t know if anyone is working on it right now, though. I was told
> months ago that Raghav Gururajan was working on GNOME upgrades as part
> of the wip-desktop branch, but my occasional questions for a status
> upgrade have gone unanswered. Raghav, please correct me if I’m
> mistaken. It would be good to clarify what is and isn’t the scope of
> wip-desktop.
I tried rebasing wip-gnome3.36 to master. I'm not done yet... But I
think it's easier than merging the wip-desktop branch, because that one
is huge and a bit dirty...
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: GNOME 3.34 in GNU Guix and security
2021-03-11 3:19 GNOME 3.34 in GNU Guix and security Léo Le Bouter
2021-03-11 8:08 ` Ricardo Wurmus
@ 2021-03-11 8:18 ` Mark H Weaver
2021-03-11 8:28 ` Léo Le Bouter
1 sibling, 1 reply; 11+ messages in thread
From: Mark H Weaver @ 2021-03-11 8:18 UTC (permalink / raw)
To: Léo Le Bouter, guix-devel
Hi Léo,
I appreciate your recent work on Guix security. Thank you for that.
Léo Le Bouter <lle-bout@zaclys.net> writes:
> I must come to the conclusion that using GNOME 3.34 in GNU Guix right
> now is just straight out insecure. I would advise we either, get rid of
> GNOME, backport all individual security patches (they can be
> numerous..), or upgrade GNOME to latest and keep up over time.
Can you please substantiate this? What vulnerabilities do you know of,
and what makes you think that we can't address them adequately in the
usual ways, without "upgrading GNOME to [the] latest"?
I saw your bug report about our Glib being vulnerable to CVE-2021-27218
and CVE-2021-27219. Thanks very much for bringing that to our attention.
> I don't think we can afford to spend time backporting security fixes to
> the numerous GNOME packages with CVEs, not with current resources, it
> is time-consuming.
I'll backport the fixes to our version of Glib. It will actually be
quite easy, given that Ubuntu has already published backports of the
fixes for Glib 2.56.4 and 2.64.4, which brackets the version in Guix
(2.62.6). I just looked at the diffs between those two patch sets, and
the differences are quite slight, apart from line number differences.
Besides CVE-2021-{27218,27219}, do you know of other known security
issues that would justify your claim that "using GNOME 3.34 in GNU Guix
right now is just straight out insecure"?
Thanks,
Mark
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: GNOME 3.34 in GNU Guix and security
2021-03-11 8:18 ` Mark H Weaver
@ 2021-03-11 8:28 ` Léo Le Bouter
0 siblings, 0 replies; 11+ messages in thread
From: Léo Le Bouter @ 2021-03-11 8:28 UTC (permalink / raw)
To: Mark H Weaver, guix-devel
On Thu, 2021-03-11 at 03:18 -0500, Mark H Weaver wrote:
> Hi Léo,
Hello!
> I appreciate your recent work on Guix security. Thank you for that.
Very happy to catch up there as well for my own usage of GNU Guix as
well!
> Can you please substantiate this? What vulnerabilities do you know of,
> and what makes you think that we can't address them adequately in the
> usual ways, without "upgrading GNOME to [the] latest"?
I have not yet fully investigated each CVE but there is uncertainty
around gnome-shell, gvfs, librsvg, gdk-pixbuf, pango, cairo, if not
more. You can use 'guix lint -c cve <pkg>' to find out, also look up in
NVD individually in case GNU Guix doesn't find it.
I am always uneasy relying on CVE only for security patches since I
know how much lots of security issues are fixed by developers without
issuing any CVE, so to me the best way of keeping up is to always be on
latest.
> I saw your bug report about our Glib being vulnerable to CVE-2021-27218
> and CVE-2021-27219. Thanks very much for bringing that to our attention.
>
> I'll backport the fixes to our version of Glib. It will actually be
> quite easy, given that Ubuntu has already published backports of the
> fixes for Glib 2.56.4 and 2.64.4, which brackets the version in Guix
> (2.62.6). I just looked at the diffs between those two patch sets, and
> the differences are quite slight, apart from line number differences.
I am really happy you are willing to help! I will have to admit that I
am a bit overwhelmed by the amount of work that I have left still.
Léo
^ permalink raw reply [flat|nested] 11+ messages in thread
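The message above suggests running 'guix lint -c cve <pkg>' over the packages it names. The following is an added example, not part of the thread or of Guix itself, that condenses such warnings into one line per package with duplicate CVE ids removed. The warning format it parses, the function names, and the sample input (placeholder versions and CVE ids) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: condense `guix lint -c cve` warnings into one line per package.

# Packages named in the message above as still needing investigation.
PKGS="gnome-shell gvfs librsvg gdk-pixbuf pango cairo"

# Read lint warnings on stdin and print, per package:
#   NAME@VERSION <TAB> number of distinct CVEs <TAB> comma-separated CVE ids
# Assumed shape: "FILE:LINE:COL: NAME@VERSION: probably vulnerable to CVE-..., CVE-..."
summarize_cve_lint() {
    awk '
    /probably vulnerable to/ {
        pkg = ""
        for (i = 1; i < NF; i++)
            if ($(i + 1) == "probably") { pkg = $i; break }
        sub(/:$/, "", pkg)
        if (pkg == "") next
        if (!(pkg in count)) { order[++npkg] = pkg; count[pkg] = 0 }
        rest = $0
        while (match(rest, /CVE-[0-9]+-[0-9]+/)) {
            id = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            if (seen[pkg, id]++) continue      # same CVE reported twice
            ids[pkg] = (ids[pkg] == "" ? id : ids[pkg] "," id)
            count[pkg]++
        }
    }
    END {
        for (n = 1; n <= npkg; n++)
            printf "%s\t%d\t%s\n", order[n], count[order[n]], ids[order[n]]
    }'
}

# Constructed sample input: placeholder versions and CVE ids, not real findings.
sample_lint_output() {
    cat <<'EOF'
gnu/packages/gnome.scm:100:2: gnome-shell@0.0.0: probably vulnerable to CVE-0000-0001, CVE-0000-0002
gnu/packages/gtk.scm:200:2: pango@0.0.0: probably vulnerable to CVE-0000-0003
gnu/packages/gnome.scm:300:2: gvfs@0.0.0: some unrelated lint warning
gnu/packages/gnome.scm:100:2: gnome-shell@0.0.0: probably vulnerable to CVE-0000-0002
EOF
}

# Real run (needs Guix); stderr is merged in case the warnings are written there.
lint_named_packages() {
    guix lint -c cve $PKGS 2>&1 | summarize_cve_lint
}

sample_lint_output | summarize_cve_lint
```

A package that is absent from the summary only means the checker matched no CVE for it, which is the gap the message points out when it recommends also checking NVD by hand.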