Hi all,
On Tue, Apr 2 2024 at 08:23:40 AM +0000, Attila Lendvai
<att...@lendvai.name> wrote:
There's actually suspicious code by the xz attacker in one of our
packages right now:
<https://issues.guix.gnu.org/issue/70113>
Please help review that patch!
as for gpaste (one of the dependees of libarchive):
it doesn't build since the recent gnome merge. i've filed a patch for
the necessary version bump:
<https://issues.guix.gnu.org/70133>
which also gets rid of the libarchive dependency.
I mentioned this on the guix XMPP server. Thanks for fixing this!
it would be nice to get this fast tracked. although, judging from the
(lack of) complaints, i might be the only user of it.
PS: and meanwhile we're packaging an alternative, namely
gnome-shell-extension-clipboard-indicator, with an enormous security
flaw: by default it saves the clipboard history in clear text, and
calls the feature "cache only favorites", so that even if you look
for it, you still don't realize it:
<https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator/issues/138#issuecomment-904689439>
...and its author actively defends this situation.
I used gpaste up until the merge and went to use the extension. I had
absolutely no idea this was the state of things; that is very worrying.
I'm keen to see your patch fasttracked - you're not the only user, haha!
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“The noble-minded are calm and steady. Little people are forever
fussing and fretting.”
— Confucius (551–479 BC), 'Analects of Confucius'
Thanks,
Ada
