From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eI5JGdXTSWBbFAAA0tVLHw (envelope-from ) for ; Thu, 11 Mar 2021 08:24:53 +0000 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id 2LXGFNXTSWB2BAAAbx9fmQ (envelope-from ) for ; Thu, 11 Mar 2021 08:24:53 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 171DD28BEA for ; Thu, 11 Mar 2021 09:24:53 +0100 (CET) Received: from localhost ([::1]:37110 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lKGcm-00064l-7b for larch@yhetil.org; Thu, 11 Mar 2021 03:24:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:39672) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lKGcN-00063y-5v for guix-devel@gnu.org; Thu, 11 Mar 2021 03:24:27 -0500 Received: from mout.web.de ([212.227.17.12]:56675) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lKGcL-0000nU-CE for guix-devel@gnu.org; Thu, 11 Mar 2021 03:24:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1615451062; bh=EaS//uEe50lGq53BpDhPLw5LCKDTv1A+Br5A614E0qA=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=fzt+q8/tvz+fV3hNVjBSm4tYELW0WjJwvdZadvf1AnvNklx6DoGxiqA/fFjV6j/hM gXwyiiKown/rd8Sk4svzMAWT7/01oaXRtpyQ19EGBfWiFV77r1C24jLDqvUPz6QCpl RBrLXmqslFhwk3Tq6pxLBBsQK70i1AVmvOqNd7Sg= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from linux.fritz.box ([5.146.192.139]) by smtp.web.de (mrweb105 [213.165.67.124]) with ESMTPSA (Nemesis) id 1MfKxV-1lvn1a3SPr-00gVLo for ; Thu, 11 Mar 2021 09:24:21 +0100 Subject: Re: GNOME 3.34 in GNU Guix and security To: guix-devel@gnu.org References: <4720e347b48bd6ca4710b461cadecf0b65aa6442.camel@zaclys.net> <87im5yqfhl.fsf@elephly.net> From: Jonathan Brielmaier Message-ID: <0ce31031-2cf5-f981-71fc-8c1e4b743433@web.de> Date: Thu, 11 Mar 2021 09:24:21 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0 MIME-Version: 1.0 In-Reply-To: <87im5yqfhl.fsf@elephly.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:j3umlDMYcfBMuV8vzt2JuOUX+hZt0ydloHjhYfHB0wXlOmX3Lhg rCGNWD96o9ndcdNHBE8vA9/2H4Opv9O0NkeJiSdYIUKTXLh5Ptf4INS3AG+cvYf3ELWRRBx xwrole95VbVDa2wR/FshE0Jlb1bn9modoX4gbFzWYr11y+3z9QpVyIkGsOMSKg42BFIMj3s uPKgOfytNfSIPaHpwu26Q== X-UI-Out-Filterresults: notjunk:1;V03:K0:nHSL5hcgGqs=:j4DWB89HcPlC7eWi+uWLpb iJ7w4AyYLOkbYpeFpStF55x2O1nTqiyauG9a55xw+ukoYbUzKD77DUCGBbNTkX054QqBan6eA RGp2xrblnOGPN9EV66VNNNe6w3c8KwW6sMA5ugjaZTEX0tPt57UdpJxKJxL66HrF0OOEl+oXw /hs/mV5A8HrRnRgTSArdno3LDivS4VBNj2/NzNUtMC1W0aDuC9IWNcrcqYBS7Xbk4osqOccur WLghvOZcnjCcjhhVJHeSY4gHkYiOnewW27d36qbsVJY39ar4bahPhnOhhBpTJcUphnuYzA7U+ Un3N/hvuD3ELdZWnk9TEnz+/44rtc+o8n602q0+7OEBTbBp7LxKeWzyCTQ6s11gkh9aRwHRxy cfITFIJPgK0tzWvN9uokXa1vpKxwNvzFllx/aK+0Qlajaq+dbGIysnnFVyjEy/Z37qySYjeyr jFTaPShN46ExbzbxaJsoqtpuhLhbvSyi8Q2oU+yVFmlBSXCZ4tbqySq4DlzI8ix2G+PsPtGut nPaiHtKvkCFM/efoSepWUr6SzTgn7sTA2iOouOIpT0WEijmAiq+Wo+cQfe3EA8bsqWTDWBCLF JUT56Wh2j8y2QbGNsG1OuaHSHUy3HDGsFUo2UNTz+/YAOTsYwviG9+cM4vPZK3eB3BrhgWrwv cl8H1O/f5DU7w4+ywKAgThpzguJxhccwQAZCkKKzJW4A2Mb/dcPkb6+5gunaC90eAlPpqmNoW 7/X+nJ9LstG83E4X2PvgYooe7SA8qIu8qtYQnCFjHw6wy12dtim6xJ9PM82IPTu9x3jB5eMYz PlaY+ZWvxRHg17Rwk5MowFT2sjik4J39FWzrFgdu8Jt2i7cnLbLvhZJGObMtD30uMNzz0TPen Xc98kuwQVYQSgMhh4TgOADBSCa3O94Xgd27/02ZMQ= Received-SPF: pass client-ip=212.227.17.12; envelope-from=jonathan.brielmaier@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1615451093; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=BeOu1i2sCIhjkvmvFejY71fnqnW3M42ewFZqmjFIbDU=; b=iUn8PD+9CNEuuWQ+Yb5vBGpIWODSwfZmvh9IjU2s0sCU+kboavY1qJ6uFdWnNEzWULaB+n JofpHITrBfgv7bngtYfKWvml0XramnAMZdShRIoauooqOeW8Of/Gws5YbVZmREZHH4eTJC NVgfi+d83K1c+lxL6Eb1+RE6vU2lVMN3QN81C0q5Ls9nFzKDdsbXL6un/FZA2lSGbDea0d a53ShJW55zGqlSPhZb36Y67llxMj2R7NIdk56IQyDH9mxPgolxtjXLD50qbZ7rNYQrJ+yo VOP+3tY7LVwmh6JuAYu/xhG3zNOkdpTcrBjrc3Qq+hk3z8par1kh70xm7xanfg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615451093; a=rsa-sha256; cv=none; b=swlLVib/bFdBnLwvhNeTqWW9Vl2AHP7mBEXkWh8Qgpp6NgW0+KOcNOMVCinzdLsPjvXy61 VWK9YSMURyHtZS1P9nvqTuGlM0R2rHVAz/IbwbPnM0ZhOALytsTh3mL3OEcpk3MRZQD3Fl Wzi1yMRUOOedmotp24p0y35Y8x2L53LJ5rq3L/IzwrVoOOAqcXdluRy/CgU9glNQtpw555 kJPteIfhQ4n3FAB8wCAC8rJDrJ8864zsaE/qpSQ1zdzZUD7blO64Tvz2Ah1RcevrMbCuKX BYC64cwaZBBUpgiRHViu3exZjP2r6xygYyrR/i4oRpSPl4p4MT3IU1Wheo+BPw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=web.de header.s=dbaedf251592 header.b="fzt+q8/t"; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.09 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=web.de header.s=dbaedf251592 header.b="fzt+q8/t"; dmarc=pass (policy=none) header.from=web.de; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 171DD28BEA X-Spam-Score: -3.09 X-Migadu-Scanner: scn0.migadu.com X-TUID: 0NtqpwoHfHZT Am 11.03.21 um 09:08 schrieb Ricardo Wurmus: > > L=C3=A9o Le Bouter writes: > >> I must come to the conclusion that using GNOME 3.34 in GNU Guix right >> now is just straight out insecure. I would advise we either, get rid of >> GNOME, backport all individual security patches (they can be >> numerous..), or upgrade GNOME to latest and keep up over time. >> >> I don't think we can afford to spend time backporting security fixes to >> the numerous GNOME packages with CVEs, not with current resources, it >> is time-consuming. > > No, GNOME should be upgraded. I upgraded it twice in the past, and it= =E2=80=99s > a lot of work, but certainly not impossible. > > I don=E2=80=99t know if anyone is working on it right now, though. I wa= s told > months ago that Raghav Gururajan was working on GNOME upgrades as part > of the wip-desktop branch, but my occasional questions for a status > upgrade have gone unanswered. Raghav, please correct me if I=E2=80=99m > mistaken. It would be good to clarify what is and isn=E2=80=99t the sco= pe of > wip-desktop. I tried rebasing wip-gnome3.36 to master. I'm not done yet... But I thinks its easier then merging the wip-desktop branch, because that one is huge and a bit dirty...