On 2017-06-09 06:24 AM, Sebastien Bacher wrote:
> Hey,
>
> On 09/06/2017 at 11:09, Jeremy Bicha wrote:
>> GNOME Weather is a simple app to show you the weather. It is written
>> in gjs. It has been part of GNOME core since GNOME 3.20. It has no
>> universe runtime dependencies and is well-maintained in Debian and
>> Ubuntu. I don't believe there has been any security issue with this
>> app.
>>
>> If GNOME Weather is installed in GNOME 3.24+ (Ubuntu 17.04+), GNOME
>> Shell's clock menu will also show you the current weather.
>
> That could be a nice small one to add indeed, few comments/questions
>
> - is having more things using gjs going to make it more difficult to
> update mozjs/gjs for security reasons?

We still have no strategy on how to update mozjs for security vulnerabilities. Having it parse code that came out of a repository is one thing, but having it parse untrusted content downloaded from the internet, or render multimedia content is problematic. Does the desktop team have a strategy for supporting mozjs for the 5 year duration of an LTS release?

> - is gnome-weather detecting your current location or just using the
> configured timezone?
>
> - if it's guessing your location what service is it using and how
> accurate is it?

And can that service be used in a commercial product?

Marc.
