Re: GNOME 3.34 in GNU Guix and security

[Ricardo Wurmus]

Léo Le Bouter <lle-bout@zaclys.net> writes:

> I must come to the conclusion that using GNOME 3.34 in GNU Guix right
> now is just straight out insecure. I would advise we either, get rid of
> GNOME, backport all individual security patches (they can be
> numerous..), or upgrade GNOME to latest and keep up over time.
>
> I don't think we can afford to spend time backporting security fixes to
> the numerous GNOME packages with CVEs, not with current resources, it
> is time-consuming.

No, GNOME should be upgraded.  I upgraded it twice in the past, and it’s
a lot of work, but certainly not impossible.

I don’t know if anyone is working on it right now, though.  I was told
months ago that Raghav Gururajan was working on GNOME upgrades as part
of the wip-desktop branch, but my occasional questions for a status
upgrade have gone unanswered.  Raghav, please correct me if I’m
mistaken.  It would be good to clarify what is and isn’t the scope of
wip-desktop.

We™ should upgrade GNOME as soon as possible.  It’s been stuck on 3.34
for much too long.

-- 
Ricardo