This post is the latest in my series of GNOME Foundation updates. I’m writing these in my capacity as Foundation President, where I’m busy managing a lot of what’s happening at the organisation at the moment. Each of these posts is a report on what happened over a particular period, and this post covers the current week as well as the previous one (23rd February to 6th March).

Audit time

I’ve mentioned the GNOME Foundation’s audit on numerous occassions previously. This is being conducted as a matter of routine, but it is our first full formal audit, so we have been learning a lot about what’s involved.

This week has been the audit fieldwork itself, which has been quite intense and a lot of work for everyone involved. The audit team consists of 5 people, most of whom are accountants of different grades. Our own finance team has been meeting with them three times a day since Tuesday, answering questions, doing walkthroughs of our systems, and providing additional documents as requested.

A big part of the audit is cross-referencing and checking documentation, and we have been busy responding to requests for information throughout the week. On last count, we have provided 140 documents to the auditors this week alone, on 20 different themes, including statements, receipts, contracts, invoices, sponsorship agreements, finance reports, and so on.

We’re expecting the draft audit report in about three weeks. Initial signs are good!

GUADEC 2026

Planning activity for GUADEC 2026 has continued over the past two weeks. That includes organising catering, audio visual facilities, a photographer, and sponsorship work.

Registration for the event is now open. The Call for Papers is also open and will close on 13 March – just one week away! If you would like to present this year, please submit an abstract!

If you would like travel sponsorship for GUADEC, there are two deadlines to submit a request: 15th March (for those who need to book travel early, such as if they need a visa) and 24th May (for those with less time pressure).

LAS 2026

This year’s Linux App Summit is happening in Berlin, on the 16th and 17th May, and is shaping up to be a great event. As usual we are co-organizing the event with KDE, and the call for proposals has just opened. If you’d like to present, you have until 23rd March to submit a paper.

The Travel Committee will be accepting travel applications for LAS attendees this year, so if you’d like to attend and need travel assistance, please submit a request no later than 13th April.

Infrastructure

On the infrastracture side, GNOME’s single sign on service has been integrated with blogs.gnome.org, which is great for security, as well as meaning that you won’t need to remember an extra password for our WordPress instance. Many thanks to miniOrange for providing us with support for their OAuth plugin for WordPress, which has allowed this to happen!

That’s it for my update this week. In addition to the highlights that I’ve mentioned, there are quite a number of other activities happening at the Foundation right now, particularly around new programs, some of which we’re not quite ready to talk about, but hope to provide updates on soon.

Update on what happened across the GNOME project in the week from February 27 to March 06.

GNOME Core Apps and Libraries

Calendar ↗

A simple calendar application.

Hari Rana | TheEvilSkeleton (any/all) 🇮🇳 🏳️‍⚧️ reports

Everyone, rejoice 🙌

Georges livestreamed himself reviewing and merging accessibility contributions in GNOME Calendar again, specifically the entirety of merge request !564 , which introduces keyboard-navigable month cells. As a result, as of GNOME 50, GNOME Calendar’s month view will be fully navigable with a keyboard for the first time in its history !

Here’s a quick explanation of how to navigate:

• When tabbing between events, focus moves chronologically. This means that focus continues to move down until there are no event widgets overlaying the current cell. Then, focus moves to the topmost event widget in the next cell or row. Tabbing backwards with Shift+Tab moves in the opposite direction.
• On the last event widget, pressing Tab moves the focus to the adjacent month cell. Conversely, pressing Ctrl+Tab on any event widget has the same effect.
• Pressing an activation button (such as Enter or Space) displays the popover for creating an event. Additionally, pressing and holding the Shift key while pressing the arrow keys selects every cell between the start and end positions until the Shift key is released, which displays the popover with the selected range.

The only high-level goal that needs work now is conveying these information with assistive technologies properly.

Both merge requests !564 and !598 took us almost an entire year to explore various approaches and finally settle on the best one for our use case. Everything was done voluntarily, relying solely on support from donors and those who share these posts, without any financial backing from other entities. In contrast, most, if not all, calendar apps backed by trillion-dollar companies still don’t offer proper keyboard navigation across their views. In many cases, they haven’t even reached feature parity. If it is not too much trouble, please consider funding my accessibility work on GNOME . Thank you! ♥️

GTK ↗

Cross-platform widget toolkit for creating graphical user interfaces.

Emmanuele Bassi reports

GTK 4.22.0 is now available for application developers! Lots of changes happened in this development cycle:

• a new SVG-based format for symbolic icons, including state-based animations
• GtkSvg , a paintable that renders (animated) SVG efficiently
• GtkAccessibleHypertext , an interface for accessible object containing links
• GTK now relies on the settings portal, under Wayland
• improved language filtering in the font selection dialog
• a new reduced motion setting, complete with media query, for controlling the amount and type of animations in widgets
• GskRenderReplay , a new API for replaying render nodes
• the backdrop-filter CSS property is now supported
• GtkPopoverBin is a new widget that you can use to show a popover menu on a widget

GTK 4.22 is going to be available in the GNOME 50 run time.

Python Bindings (PyGObject) ↗

Python language bindings for GNOME platform libraries.

Arjan reports

PyGObject 3.56.0 has just been released. Major features include: better integration with GObject’s lifecycle ( do_constructed , do_dispose ), a simpler way to deal with Python wrapper objects, and cleanup of legacy code.

A write-up of the most important changes can be found at https://pygobject.gnome.org/news/pygobject-3-56.html .

This is a stable release, so you can find it on PyPI , as well as the GNOME download server .

Third Party Projects

Ronnie Nissan announces

This week I released concessio v0.3.0 adding support for umask conversions. This was a requested feature. I also added umask explanition to the help dialog. Hope you will like it.

You can get Concessio from Flathub

Ans Ibrahim says

Memento , the movie tracking app, got updates this week with version 1.1.0 and 1.1.1 :

• IMDb rating support in movie details and refresh flow
• Localization improvements, including French translations
• UI and navigation polish, plus layout fixes

Also highlighting the original 1.0.0 features:

• Watchlist management with search, sorting, and pagination
• Play history tracking with date, place, and optional comments
• Movie details with cast/crew and external links
• Dashboard and top-people insights

Marcel Tiede announces

There is a new community project Maui.Gtk that integrates GTK via the GirCore C# bindings as a linux backend for Microsoft’s MAUI .

Rat Cornu says

ratic is a new music player in construction, built with gtk-rs and relm4 . The first version was released this week, with:

• Support of most music files
• Sort and group by album, artist, full-text searching
• Dynamic blurred background with light/dark modes
• A music queue with several play modes
• Support of MPRIS controls
• Internationalization support using weblate (currently only english and french) It still misses a lot of features, but it will continue to grow in the following weeks, so do not hesitate to test it, open an issue or even come talk with us in the matrix room !

Ronnie Nissan announces

Just today I published Embellish v0.7.0. This version adds support for custom fonts.

• Add a custom font using a url pointing to a zip or tar.xz file
• Export all the custom fonts
• Import custom fonts either from a file or by copy pasting them in the import dialog
• The import dialog using GtkSourceView to color highlight the json data

Tip: you can add any font, not just NerdFonts making Embellish a really useful tool in my biased opinion.

You can get Embellish from Flathub

Parabolic ↗

Download web video and audio.

Nick reports

Parabolic V2026.3.0-beta1 is here!

This release contains many new features, fixes and a new macOS build of the GNOME app! We are asking all users to help test this release and the new macOS build, if possible (as I personally do not own a Mac so I rely on users in the community to work with me in testing). Thank you for any help in advanced! 😃

Here’s the full changelog:

• Added macOS app for the GNOME version of Parabolic
• Added Windows portable version of Parabolic
• Added the ability to specify a preferred frame rate for video downloads in the Parabolic’s settings
• Added the ability to automatically translate embedded metadata and chapters to the app’s language on supported sites. This can be turned off in Converter settings
• Added the ability to update deno from within the app
• Added thumbnail image preview to add download dialog and downloads view
• Added failed filter to downloads view
• Improved selection of playlist video formats when resolutions are specified
• Improved selection of playlist audio formats on Windows when bitrates are specified
• Improved cropping of audio thumbnails
• Improved handling of long file names, they will now be truncated if too long
• Removed unsupported cookie browsers on Windows. Manual txt files should be used instead
• Updated yt-dlp

That’s all for this week!

See you next week, and be sure to stop by #thisweek:gnome.org with updates on your own projects!

Painkillers are essential. (There are indicators that Neanderthals already used them.) However, many people don’t know about aspects of them, that could be relevant for them in practice. Since I learned some new things recently, here a condensed info dump about painkillers.

Many aspects here are oversimplified in the hope to raise some initial awareness. Please consult your doctor or pharmacist about your personal situation , if that’s possible. I will not talk about opioids. Their addiction potential should never be underestimated.

Here is the short summary:

• Find out which substance and dose works for you.
• With most painkillers, check if you need to take Pantoprazole to protect your stomach.
• Never overdose paracetamol, never take it with alcohol.
• If possible, take pain medication early and directly in the dose you need.
• Don’t take pain medication for more than 15 days a month against headaches. Some mediaction even fewer days.
• If you have any preexisting conditions, health risks, or take additional medication, check very carefully if any of these things could interacts with your pain medication.

Not all substances will work for you

The likelihood of some substances not working for some sort of pain for you is pretty high. If something doesn’t seem to work for you, consider trying a different substance . I have seen many doctors being very confident that a substance must work. The statistics often contradict them.

Common over the counter options are:

• • Ibuprofen
  • Paracetamol
  • Naproxen
  • Acetylsalicylic Acid (ASS)
  • Diclofenac

All of them also reduce fever. All of them, except Paracetamol, are anti-inflammatory. The anti-inflammatory effect is highest in Diclofenac and Naproxen, still significant in Ibuprofen.

It might very well be that none of them work for you. In that case, there might still be other options to prevent or treat your pain.

Gastrointestinal (GI) side effects

All nonsteroidal anti-inflammatory drugs (NSAIDs), that is, Ibuprofen, Naproxen, ASS, and, Diclofenac can be hard on your stomach. This can be somewhat mitigated by taking them after a meal and with a lot of water.

Among the risk factors you should be aware of are Age above 60, history of GI issues, intake of an SSRI, SNRI, or Steroids, consumption of alcohol, or smoking. The risk is lower with Ibuprofen, but higher for ASS, Naproxen, and, especially, Diclofenac.

It is common to mitigate the GI risks by taking a Proton Pump Inhibitor (PPI) like Pantoprazole 20 mg. Usually, if any of the risk factors apply to you. You can limit the intake to the days where you use painkillers. You only need one dose per day, 30–60 minutes before a meal. Then you can take the first painkiller for the day after the meal. Taking Pantoprazole for a few days a month is usually fine. If you need to take it continuously or very often, you have to very carefully weigh all the side effects of PPIs.

Paracetamol doesn’t have the same GI risks. If it is effective for you, it can be an option to use it instead. It is also an option to take a lower dose NSAIDs and a lower dose of paracetamol to minimize the risks of both.

Metamizole is also a potential alternative. It might, however, not be available in your country, due to a rare severe side effect. If available, it is still a potential option in cases where other side effects can also become very dangerous. It is usually prescription-only.

For headaches, you might want to look into Triptans. They are also usually prescription-only.

Liver related side effects

Paracetamol can negatively affect the liver. It is therefore very important to honor its maximum dosage of 4000 mg per day , or lower for people with risk factors. Taking paracetamol more than 10 days per month can be a risk for the liver. Monitoring liver values can help, but conclusive changes in your blood work might be delayed until initial damage has happened.

A risk factor is alcohol consumption. It increases if the intake overlaps. To be safe, avoid taking paracetamol for 24 hours after alcohol consumption.

NSAIDs have a much lower risk of affecting the liver negatively.

Cardiovascular risks

ASS is also prescribed as a blood thinner. All NSAIDs have this effect to some extent. However, for ASS, the blood thinning effect extends to more than a week after it has been discontinued. Surgeries should be avoided until that effect has subsided. It also increases the risk for hemorrhagic stroke. If you have migraine with aura, you might want to avoid ASS and Diclofenac.

NSAIDs also have the risk to increase thrombosis. If you are in as risk group for that, you should consider avoiding Diclofenac.

Paracetamol increases blood pressure which can be relevant if there are preexisting risks like already increased blood pressure.

If you take ASS as a blood thinner. Take Aspirin at least 60 minutes before Metamizole. Otherwise, the blood thinning effect of the ASS might be suppressed.

Effective application

NSAIDs have a therapeutic ceiling for pain relief. You might not see an increased benefit beyond a dose of 200 mg or 400 mg for Ibuprofen. However, this ceiling does not apply for their anti-inflammatory effect, which might increase until 600 mg or 800 mg. Also, a higher dose than 400 mg can often be more effective to treat period pain. Higher doses can reduce the non-pain symptoms of migraine. Diclofenac is commonly used beyond its pain relief ceiling for rheumatoid arthritis.

Take pain medication early and in a high enough dose. Several mechanisms can increase the benefit of pain medication. Knowing your effective dose and the early signs to take it is important. If you have early signs of a migraine attack, or you know that you are getting your period, it often makes sense to start the medication before the pain onset. Pain can have cascading effects in the body, and often there is a minimum amount of medication that you need to get a good effect, while a lower dose is almost ineffective.

As mentioned before, you can combine an NSAIDs and Paracetamol. The effects of NSAIDs and Paracetamol can enhance each other, potentially reducing your required dose. In an emergency, it can be safe to combine both of their maximum dosage for a short time. With Ibuprofen and Paracetamol, you can alternate between them every three hours to soften the respective lows in the 6-hour cycle of each of them.

Caffeine can support the pain relief. A cup of coffee or a double-espresso might be enough.

Medication overuse headache

Don’t use pain medication against headaches for more than 15 days a month. If you are using pain medication too often for headaches, you might develop a medication overuse headache (German: Medikamentenübergebrauchskopfschmerz). They can be reversed by taking a break from any pain medication. If you are using triptans (not further discussed here), the limit is 10 days instead of 15 days.

While less likely, a medication overuse headache can also appear when treating a different pain than headaches.

If you have more headache days than your painkillers allow treating, there are a lot of medications for migraine prophylaxis. Some, like Amitriptyline, can also be effective for a variety of other kinds headaches.

• Planning call in the morning, mail chew, prodded a proposal, lunch, sync with Laser, Anna & Andras, customer call.
• Pleased to see a really nice The Open Road to Freedom index, making it easier to see what is going on.
• Finally managed to get my Apple account to let me pay for a developer subscription - after lots of compound problems wasting hours. Clearly I've hit some buggy indeterminate state - still can't see subscriptions or country information: perhaps I'm stuck mid-atlantic beween two systems.

Six years ago I released Flatseal . Since then, it has become an essential tool in the Flatpak ecosystem helping users understand and manage application permissions. But there’s still a lot of work to do!

I’m thrilled to share that my employer Igalia has selected Flatseal for its Coding Experience 2026 mentoring program.

The Coding Experience is a grant program for people studying Information Technology or related fields. It doesn’t matter if you’re enrolled in a formal academic program or are self-taught. The goal is to provide you with real world professional experience by working closely with seasoned mentors.

As a participant, you’ll work with me to improve Flatseal, addressing long standing limitations and developing features needed for recent Flatpak releases. Possible areas of work include:

• Redesign and refactor Flatseal’s permissions backend
• Support denying unassigned permissions
• Support reading system-level overrides
• Support USB devices lists permissions
• Support conditional permissions
• Support most commonly used portals

This is a great opportunity to gain real-world experience, while contributing to open source and helping millions of users.

Applications are open from February 23rd to April 3rd. Learn more and apply here !

A lot of hardware runs non-free software. Sometimes that non-free software is in ROM. Sometimes it’s in flash. Sometimes it’s not stored on the device at all, it’s pushed into it at runtime by another piece of hardware or by the operating system. We typically refer to this software as “firmware” to differentiate it from the software run on the CPU after the OS has started ¹ , but a lot of it (and, these days, probably most of it) is software written in C or some other systems programming language and targeting Arm or RISC-V or maybe MIPS and even sometimes x86 ² . There’s no real distinction between it and any other bit of software you run, except it’s generally not run within the context of the OS ³ . Anyway. It’s code. I’m going to simplify things here and stop using the words “software” or “firmware” and just say “code” instead, because that way we don’t need to worry about semantics.

A fundamental problem for free software enthusiasts is that almost all of the code we’re talking about here is non-free. In some cases, it’s cryptographically signed in a way that makes it difficult or impossible to replace it with free code. In some cases it’s even encrypted, such that even examining the code is impossible. But because it’s code, sometimes the vendor responsible for it will provide updates, and now you get to choose whether or not to apply those updates.

I’m now going to present some things to consider. These are not in any particular order and are not intended to form any sort of argument in themselves, but are representative of the opinions you will get from various people and I would like you to read these, think about them, and come to your own set of opinions before I tell you what my opinion is.

THINGS TO CONSIDER

• Does this blob do what it claims to do? Does it suddenly introduce functionality you don’t want? Does it introduce security flaws? Does it introduce deliberate backdoors? Does it make your life better or worse?

• You’re almost certainly being provided with a blob of compiled code, with no source code available. You can’t just diff the source files, satisfy yourself that they’re fine, and then install them. To be fair, even though you (as someone reading this) are probably more capable of doing that than the average human, you’re likely not doing that even if you are capable because you’re also likely installing kernel upgrades that contain vast quantities of code beyond your ability to understand ⁴ . We don’t rely on our personal ability, we rely on the ability of those around us to do that validation, and we rely on an existing (possibly transitive) trust relationship with those involved. You don’t know the people who created this blob, you likely don’t know people who do know the people who created this blob, these people probably don’t have an online presence that gives you more insight. Why should you trust them?

• If it’s in ROM and it turns out to be hostile then nobody can fix it ever

• The people creating these blobs largely work for the same company that built the hardware in the first place. When they built that hardware they could have backdoored it in any number of ways. And if the hardware has a built-in copy of the code it runs, why do you trust that that copy isn’t backdoored? Maybe it isn’t and updates would introduce a backdoor, but in that case if you buy new hardware that runs new code aren’t you putting yourself at the same risk?

• Designing hardware where you’re able to provide updated code and nobody else can is just a dick move ⁵ . We shouldn’t encourage vendors who do that.

• Humans are bad at writing code, and code running on ancilliary hardware is no exception. It contains bugs. These bugs are sometimes very bad. This paper describes a set of vulnerabilities identified in code running on SSDs that made it possible to bypass encryption secrets. The SSD vendors released updates that fixed these issues. If the code couldn’t be replaced then anyone relying on those security features would need to replace the hardware.

• Even if blobs are signed and can’t easily be replaced, the ones that aren’t encrypted can still be examined. The SSD vulnerabilities above were identifiable because researchers were able to reverse engineer the updates. It can be more annoying to audit binary code than source code, but it’s still possible.

• Vulnerabilities in code running on other hardware can still compromise the OS . If someone can compromise the code running on your wifi card then if you don’t have a strong IOMMU setup they’re going to be able to overwrite your running OS.

• Replacing one non-free blob with another non-free blob increases the total number of non-free blobs involved in the whole system, but doesn’t increase the number that are actually executing at any point in time.

Ok we’re done with the things to consider. Please spend a few seconds thinking about what the tradeoffs are here and what your feelings are. Proceed when ready.

I trust my CPU vendor. I don’t trust my CPU vendor because I want to, I trust my CPU vendor because I have no choice. I don’t think it’s likely that my CPU vendor has designed a CPU that identifies when I’m generating cryptographic keys and biases the RNG output so my keys are significantly weaker than they look, but it’s not literally impossible. I generate keys on it anyway, because what choice do I have? At some point I will buy a new laptop because Electron will no longer fit in 32GB of RAM and I will have to make the same affirmation of trust, because the alternative is that I just don’t have a computer. And in any case, I will be communicating with other people who generated their keys on CPUs I have no control over, and I will also be relying on them to be trustworthy. If I refuse to trust my CPU then I don’t get to computer, and if I don’t get to computer then I will be sad. I suspect I’m not alone here.

Why would I install a code update on my CPU when my CPU’s job is to run my code in the first place? Because it turns out that CPUs are complicated and messy and they have their own bugs, and those bugs may be functional (for example, some performance counter functionality was broken on Sandybridge at release, and was then fixed with a microcode blob update) and if you update it your hardware works better. Or it might be that you’re running a CPU with speculative execution bugs and there’s a microcode update that provides a mitigation for that even if your CPU is slower when you enable it, but at least now you can run virtual machines without code in those virtual machines being able to reach outside the hypervisor boundary and extract secrets from other contexts. When it’s put that way, why would I not install the update?

And the straightforward answer is that theoretically it could include new code that doesn’t act in my interests, either deliberately or not. And, yes, this is theoretically possible. Of course, if you don’t trust your CPU vendor, why are you buying CPUs from them, but well maybe they’ve been corrupted (in which case don’t buy any new CPUs from them either) or maybe they’ve just introduced a new vulnerability by accident, and also you’re in a position to determine whether the alleged security improvements matter to you at all. Do you care about speculative execution attacks if all software running on your system is trustworthy? Probably not! Do you need to update a blob that fixes something you don’t care about and which might introduce some sort of vulnerability? Seems like no!

But there’s a difference between a recommendation for a fully informed device owner who has a full understanding of threats, and a recommendation for an average user who just wants their computer to work and to not be ransomwared. A code update on a wifi card may introduce a backdoor, or it may fix the ability for someone to compromise your machine with a hostile access point. Most people are just not going to be in a position to figure out which is more likely, and there’s no single answer that’s correct for everyone. What we do know is that where vulnerabilities in this sort of code have been discovered, updates have tended to fix them - but nobody has flagged such an update as a real-world vector for system compromise.

My personal opinion? You should make your own mind up, but also you shouldn’t impose that choice on others, because your threat model is not necessarily their threat model. Code updates are a reasonable default, but they shouldn’t be unilaterally imposed, and nor should they be blocked outright. And the best way to shift the balance of power away from vendors who insist on distributing non-free blobs is to demonstrate the benefits gained from them being free - a vendor who ships free code on their system enables their customers to improve their code and enable new functionality and make their hardware more attractive.

It’s impossible to say with absolute certainty that your security will be improved by installing code blobs. It’s also impossible to say with absolute certainty that it won’t. So far evidence tends to support the idea that most updates that claim to fix security issues do, and there’s not a lot of evidence to support the idea that updates add new backdoors. Overall I’d say that providing the updates is likely the right default for most users - and that that should never be strongly enforced, because people should be allowed to define their own security model, and whatever set of threats I’m worried about, someone else may have a good reason to focus on different ones.

Another year of work on Mahjongg is over. This was a pretty good year, with smaller improvements from several contributors. Let’s take a look at what’s new in Mahjongg 49.x.

Game Session Restoration

Thanks to contributions by François Godin, Mahjongg now remembers the previous game in progress before quitting. On startup, you have the option to resume the game or restart it.

New Pause Screen

Pausing a game used to only blank out the tiles and dim them. Since games restored on startup are paused, the lack of information was confusing. A new pause screen has since been added, with prominent buttons to resume/restart or quit. Thanks to Jeff Fortin for raising this issue !

A new Escape keyboard shortcut for pausing the game has also been added, and the game now pauses automatically when opening menus and dialogs.

New Game Rules Dialog

Help documentation for Mahjongg has existed for a long time, but it always seemed less than ideal to open and read through when you just want to get started. Keeping the documentation up-to-date and translated was also difficult. A new Game Rules dialog has replaced it, giving a quick overview of what the game is about.

Accessibility Improvements

Tiles without a free long edge now shake when clicked, to indicate that they are not selectable. Tiles are also slightly dimmer in dark mode now, and follow the high contrast setting of the operating system.

When attempting to change the layout while a game is in progress, a confirmation dialog about ending the current game is shown.

Fixes and Modernizations

Various improvements to the codebase have been made, and tests were added for the game algorithm and layout loading. Performance issues with larger numbers of entries in the Scores dialog were fixed, as well as an issue focusing the username entry at times when saving a score. Some small rendering issues related to fractional scaling were also addressed.

Mahjongg used to load its tile assets using GdkPixbuf, but since that’s being phased out, it’s now using Rsvg directly instead. The upcoming GTK 4.22 release is introducing a new internal SVG renderer, GtkSvg, which we will hopefully start using in the near future.

GNOME Circle Membership

After a few rounds of reviews from Gregor Niehl and Tobias Bernard, Mahjongg was accepted into GNOME Circle . Mahjongg now has a page on apps.gnome.org , instructions for contributing and testing on welcome.gnome.org , as well as a new app icon by Tobias.

Future Improvements

The following items are next on the roadmap:

• Port the Scores dialog to the one provided by libgnome-games-support
• Use GtkSvg instead of Rsvg for rendering tile assets
• Look into adding support for keyboard navigation (and possibly gamepad support)

Download Mahjongg

The latest version of Mahjongg is available on Flathub .

That’s all for now!

Update on what happened across the GNOME project in the week from February 20 to February 27.

GNOME Core Apps and Libraries

Calendar ↗

A simple calendar application.

Hari Rana | TheEvilSkeleton (any/all) 🇮🇳 🏳️‍⚧️ announces

Georges livestreamed himself reviewing and merging parts of merge request !598 , making the month view easier than ever to navigate with a keyboard!

This merge request introduces a coordinate-aware navigation system in the month view, which computes the coordinates of relevant event widgets and finds the nearest widget relative to the one in focus when using arrow keys. When tabbing, focus moves chronologically, meaning focus moves down until there are no event widgets overlaying that specific cell, which then moves focus to the topmost event widget found in the next cells or rows; tabbing backwards goes in the opposite direction.

To illustrate the sheer complexity of navigation in a calendaring app, here is Georges’s live reaction:

“Wow, congratulations, this is looking INSANE, Hari… The hell is going on here”

— Georges, maintainer of GNOME Calendar - https://youtu.be/smofXzVwNwQ?t=1h24m6s

Blueprint ↗

A markup language for app developers to create GTK user interfaces.

James Westman says

Blueprint 0.20.0 is here! This update includes a ton of features from many contributors. Most significantly, this release includes a linter thanks to Neighborhoodie and the STA grant. The linter catches common mistakes that go beyond simple syntax and type checking. Due to the nature of these checks, it may still have some rough edges, so please file an issue if you see room for improvement.

Also of note are a number of new completion suggestions while editing, improved type checking in expressions, and support for newer GTK features like Gtk.TryExpression.

GNOME Circle Apps and Libraries

Tobias Bernard says

Sudoku by Sepehr Rasouli was accepted into Circle! It’s what it says on the tin: A dead-simple, polished GNOME app for playing Sudoku. Congratulations 🥳

Tobias Bernard reports

Gradia by Alexander Vanhee was accepted into Circle ✨️

Edit and annotate screenshots, draw on them, add a background, and share them with the world.

https://apps.gnome.org/Gradia

Third Party Projects

Anton Isaiev says

RustConn 0.9.3 is out!

This release cycle was all about closing the gap between “it works” and “it works exactly how you’d expect.” I successfully closed every single open issue and feature request from this period, delivering major quality-of-life and security upgrades for anyone who lives in a terminal.

Highlights from this release:

Agentless Remote Monitoring: A MobaXterm-style bar now sits below your SSH, Telnet, and Kubernetes terminals, parsing /proc/* over the existing session to show live CPU, memory, disk, and network stats.

Lightning-Fast Navigation: A new Command Palette (Ctrl+P) brings VS Code-style fuzzy searching for connections, tags, and commands. I also added full support for Custom Keybindings, letting you remap 30+ actions.

Visual Organization: Tame massive connection lists with pinned Favorites, custom GTK icons or emojis, and protocol-colored tabs with group indicators (e.g., “Production” or “Staging”).

Modernized UI: Eight dialogs were migrated to modern adw::Dialog with adaptive sizing, and I’ve added screen reader support to password and connection dialogs.

Rock-Solid Security: A massive backend overhaul! Stored credentials now use AES-256-GCM with Argon2id, and the entire codebase was migrated to SecretString to prevent memory leaks. I also added full support for SSH port forwarding (-L, -R, -D).

pass Backend: A huge shoutout to community member @h3nnes for contributing a pass (passwordstore.org) backend with full GUI and CLI support!

Under the Hood: Migrated to the Rust 2024 edition, added smart protocol fallbacks for RDP/VNC to gracefully handle negotiation failures, and reached 100% translation coverage across 15 languages.

https://github.com/totoshko88/RustConn https://flathub.org/en/apps/io.github.totoshko88.RustConn

Haydn Trowell says

Typesetter, the minimalist, local-first Typst editor, gets some quality of life updates with version 0.11.0:

• New app icon
• The preview now automatically sizes itself to fit the window and your display without needing a manual PPI setting
• Invert lightness option for the preview when using dark mode
• The ability to simulate different forms of color blindness in the preview to test document accessibility
• Performance improvements, including reduced memory usage

Install via Flathub ( https://flathub.org/apps/net.trowell.typesetter )

Bilal Elmoussaoui announces

oo7-daemon, the server side of the Secret Service provider, has received a new release featuring KDE support. Making it compatible with both GNOME and KDE.

GNOME Websites

federico announces

The Code of Conduct page is now generated from the original sources with a beautiful stylesheet. Thanks for Bart for the web app and the design team for the updated look!

Shell Extensions

storageb reports

Build your own custom menu for the GNOME top bar!

Custom Command Menu is a GNOME extension that lets you build a custom menu to run commands directly from the top bar. Launch apps, run scripts, execute shell commands, and more through a simple, intuitive interface.

Version 13 introduces support for submenu creation, increases the maximum number of entries allowed, and adds compatibility with GNOME 50. This release also includes additional translations for Japanese, Chinese, Portuguese, and Polish.

More information can be found on the project’s GitHub page .

Miscellaneous

Sophie (she/her) reports

As a cost-saving measure, git traffic like git clone https://gitlab.gnome.org/GNOME/<repo> is now redirected to our mirror under https://github.com/GNOME/<repo> .

Peter Eisenmann says

Last week the long unmaintained support for Google Drive in gvfs was dropped. If you ever needed motivation to switch to a more privacy-respecting cloud provider, now is as good a time as any.

That’s all for this week!

See you next week, and be sure to stop by #thisweek:gnome.org with updates on your own projects!