Hi all, On Tue, Apr 2 2024 at 08:23:40 AM +0000, Attila Lendvai wrote: >> There's actually suspicious code by the xz attacker in one of our >> packages right now: >> >> >> >> Please help review that patch! > > > as for gpaste (one of the dependees of libarchive): > > it doesn't build since the recent gnome merge. i've filed a patch for > the necessary version bump: > > > > which also gets rid of the libarchive dependency. I mentioned this on the guix XMPP server. Thanks for fixing this! > > it would be nice to get this fast tracked. although, judging from the > (lack of) complaints, i might be the only user of it. > > PS: and meanwhile we're packaging an alternative, namely > gnome-shell-extension-clipboard-indicator, with an enormous security > flaw: by default it saves the clipboard history in clear text, and > calls the feature "cache only favorites", so that even if you look > for it, you still don't realize it: > > > > ...and its author actively defends this situation. I used gpaste up until the merge and went to use the extension. I had absolutely no idea this was the state of things; that is very worrying. I'm keen to see your patch fasttracked - you're not the only user, haha! > > -- > • attila lendvai > • PGP: 963F 5D5F 45C7 DFCD 0A39 > -- > “The noble-minded are calm and steady. Little people are forever > fussing and fretting.” > — Confucius (551–479 BC), 'Analects of Confucius' Thanks, Ada