| 28 Nov 2025 |
522 it/its ⛯ΘΔ | i do think for machine resolution of versions you don't need semver, you only need a major version that you can bump (which, yeah, you can use branches for that) | 11:52:07 |
522 it/its ⛯ΘΔ | most of semver is for humans reading it | 11:52:29 |
toonn | It's also humans writing it so it's not infallible. API inspection would be pretty cool. | 12:15:54 |
goldstein | API inspection for Nix is hard because of laziness
you don’t know which subexprs you can even touch to inspect | 12:26:12 |
goldstein | and also any behind a lambda is ~completely opaque I think | 12:26:36 |
toonn | It's hard in any language TBH. | 13:44:53 |
david | Hrm, `nix upgrade-nix` is failing with permissions issues on trying to open `/nix/var/nix/profiles/default.lock` | 22:53:10 |
david | Having trouble finding a fix/workaround, anyone have suggestions? | 22:53:27 |
david | "ask for help so you can solve it yourself" works yet again | 22:59:56 |
david | `sudo nix` could not find `nix` but if I sourced the profile from a root shell upgrade-nix worked fine | 23:07:44 |
david | Still maybe a potential issue but idk. Specifically it failed while trying to uninstall the old version of Lix (for reference, 1.93 -> 1.94) | 23:08:32 |
| 29 Nov 2025 |
raitobezarius | In reply to @david:lenfesty.ca Still maybe a potential issue but idk. Specifically it failed while trying to uninstall the old version of Lix (for reference, 1.93 -> 1.94) Can you open an issue? Thanks! | 00:08:59 |
| @conformally:matrix.org left the room. | 11:41:40 |
Arian | I think I found some weird daemon protocol incompatibility between nix and lix | 12:39:02 |
Arian | % nix flake check --eval-store auto --store ssh-ng://altra --system aarch64-linux
error: cannot build missing derivation '/nix/store/s131lvrb3pqysw22nl0lmq8sbdflpwfc-vm-test-run-spire-join-token.drv'
from a 2.24.12 evaluator to a 1.94 remote builder.
I’m pretty certain this used to work on 1.93
| 12:39:54 |
Arian | But this is probably in the “we don't care” territory. lemme try with lix and lix | 12:41:47 |
raitobezarius | I wouldn't want to try hard to debug an issue that could be not on our side | 12:44:36 |
raitobezarius | If you have more data and/or a reproducer, feel free to throw an issue at me, no promise tho | 12:44:57 |
raitobezarius | If it's a Lix/Lix issue, of course, this is prioritized | 12:45:07 |
| 30 Nov 2025 |
Sofie 🏳️⚧️ (she/her) | https://burnthewhich.github.io/shbangenv/shbangenv.html | 12:09:16 |
Sofie 🏳️⚧️ (she/her) | lmfao, what | 12:09:20 |
Sofie 🏳️⚧️ (she/her) | it is far more portable (as in, works on non FHS systems like NixOS); and I don't really believe it could even cause vulnerabilities | 12:10:40 |
522 it/its ⛯ΘΔ | i mean i guess if you consider "an attacker can put a malicious bash in your path" to be a vulnerability | 12:13:14 |
522 it/its ⛯ΘΔ | (but also they can put malicious "every other tool you use" in your path so) | 12:13:25 |
522 it/its ⛯ΘΔ | if your PATH is fucked then you are so very utterly fucked | 12:14:05 |
aloisw | I suppose this is what they mean by "The nexus of the security vulnerability is that using #!/usr/bin/env ensures that the script itself is unable to sanitize the environment before relying upon it." But does any script actually do that? | 12:25:03 |
Arian | In reply to @sofiedotcafe:matrix.org it is far more portable (as in, works on non FHS systems like NixOS); and I don't really believe it could even cause vulnerabilities so /usr/bin/env bash is more portable than /bin/bash. but less portable than /bin/sh is the thesis. but idk wtf the point is they’re trying to make | 12:28:25 |