Message-ID: <4720e347b48bd6ca4710b461cadecf0b65aa6442.camel@zaclys.net>
Subject: GNOME 3.34 in GNU Guix and security
From: Léo Le Bouter
To: guix-devel@gnu.org
Date: Thu, 11 Mar 2021 04:19:27 +0100

Hello!

I must come to the conclusion that using GNOME 3.34 in GNU Guix right now is just straight out insecure. I would advise we either get rid of GNOME, backport all individual security patches (they can be numerous..), or upgrade GNOME to latest and keep up over time.

I don't think we can afford to spend time backporting security fixes to the numerous GNOME packages with CVEs, not with current resources, it is time-consuming.

Léo