Dev/GNOME

From Kicksecure
< Dev
Jump to navigation Jump to search

Kicksecure Development Notes on GNOME

For user documentation, see Other Desktop Environments instead!

This page is not intended for users or non-developers.

Security[edit]

  • GNOME Website Extensions:
  • Security Risks in Default Installation: The standard GNOME setup includes numerous features, which may lead to security vulnerabilities in servers.
  • Social Account Integration: Privacy and security concerns about integrating social accounts.

Reasons Against Using a Minimal Desktop Environment Without Its Bad Stuff[edit]

While it might be theoretically possible to avoid GNOME's undesirable aspects by selectively using only core packages like the window manager and systray, this approach is not without significant drawbacks.

Selectively using GNOME components, such as the window manager and systray, and concurrently issuing warnings about other standard GNOME functionalities, presents a contradiction and practical challenges. This methodology seems counterintuitive: utilizing only specific parts of GNOME (like the window manager and systray) while also having to add warnings and disclaimers against its standard, documented features in user documentation and support requests.

For example, GNOME's recommended method for installing the Clipboard Indicator involves visiting extensions.gnome.org Clipboard Indicatorarchive.org and clicking 'Install'. However, this raises a question: what is the secure alternative that bypasses browser interactions and includes digital software verification? As of this writing, this remains unclear.

For instance, consider a user query:

Is it safe to install gnome-clocksarchive.org?"

Hypothetical user support request.

No, it is not recommended due to its dependency on geoclue-2.0archive.org. This dependency not only expands the attack surface but also has privacy concernsarchive.org. Currently, instructions to mitigate these risks remain undocumented."

Hypothetical reply.

Such an approach would lead to inconsistency and confusion for users, undermining the practicality of using a minimal GNOME setup.

No comparable issues exist for Xfce. Users have the advantage of leveraging both Debian and Xfce documentation, along with resources from third parties, to customize and utilize Xfce effectively.

Usability[edit]

Systray Absence: By default, GNOME does not include a systray.

How can it be added?

  • For typical GNOME users, the recommended method is to visit: AppIndicator Supportarchive.org and click the 'Install' button.
  • Command line: For users who want to install from the command line, packages.debian.org or from source code while performing digital software signatures verification: Unknown.
  • Linux distributions: For Linux distributions using a build script, the process remains unclear. (Clicking buttons is inappropriate for Linux distribution build scripts.) Should a solution for command line become available, it might also provide insight into this scenario.

Trademark[edit]

https://foundation.gnome.org/logo-and-trademarks/archive.org

https://wiki.gnome.org/Foundation/SoftwarePolicyarchive.org

Software projects which are included in GNOME Circle are not official GNOME software. As such, they cannot use the GNOME trademarks to identify themselves.

Qubes[edit]

Qubes' Stance on GNOME: Qubes has also decided against using GNOME: https://github.com/QubesOS/qubes-issues/issues/1806#issuecomment-1768557436archive.org

Related[edit]


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!