Léo Le Bouter <lle-bout@zaclys.net> writes:
I must come to the conclusion that using GNOME 3.34 in GNU Guix right
now is just straight out insecure. I would advise we either, get rid of
GNOME, backport all individual security patches (they can be
numerous..), or upgrade GNOME to latest and keep up over time.
I don't think we can afford to spend time backporting security fixes to
the numerous GNOME packages with CVEs, not with current resources, it
is time-consuming.
No, GNOME should be upgraded. I upgraded it twice in the past, and it’s
a lot of work, but certainly not impossible.
I don’t know if anyone is working on it right now, though. I was told
months ago that Raghav Gururajan was working on GNOME upgrades as part
of the wip-desktop branch, but my occasional questions for a status
upgrade have gone unanswered. Raghav, please correct me if I’m
mistaken. It would be good to clarify what is and isn’t the scope of
wip-desktop.