[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#26176: What to do about unmaintained frameworks like address@hidden
From: |
Efraim Flashner |
Subject: |
bug#26176: What to do about unmaintained frameworks like address@hidden in Guix? |
Date: |
Mon, 20 Mar 2017 08:50:54 +0200 |
User-agent: |
Mutt/1.8.0 (2017-02-23) |
On Sun, Mar 19, 2017 at 10:17:38PM +0000, ng0 wrote:
> Leo Famulari transcribed 2.1K bytes:
> > We do a good job of deploying security updates to address@hidden
> > Typically, we push the update within 24 hours.
> >
> > However, several packages still depend on address@hidden, which is
> > unmaintained upstream and surely contains many serious security
> > vulnerabilities.
> >
> > $ guix refresh -l address@hidden
> > Building the following 6 packages would ensure 10 dependent packages are
> > rebuilt: aria-maestosa-1.4.11 wxmaxima-16.04.2 filezilla-3.24.1
> > elixir-1.3.2 kicad-4.0-1.4ee344e audacity-2.1.2
> >
> > People who install these packages probably do not expect to install
> > software containing publicly disclosed security vulnerabilities.
> >
> > We should try to make these packages use a maintained version of
> > webkitgtk.
>
> Maybe those packages are already confirmed to work with 2.14, in some
> commit in upstream software. If they aren't, and we can't make them
> build with 2.14 in a functional way, it would serve a broad spectrum of
> clients including Guix users to get in contact with the affected
> package.
>
Good news on that front!
$ guix refresh -l wxwidgets
Building the following 5 packages would ensure 6 dependent packages are
rebuilt: aria-maestosa-1.4.11 wxmaxima-16.04.2 filezilla-3.24.1
elixir-1.3.2 audacity-2.1.2
kicad uses wxwidgets built with gtk+-2, and the one that didn't show up
at all, gnucash, uses webkitgtk/gtk+-2, which is the address@hidden version of
address@hidden
Wxwidgets currently is built with address@hidden, but it looks like it
supports webkit.
I'm currently working on testing wxwidgets built with webkit to see if
that takes care of everything currently relying on address@hidden other
than gnucash.
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature