!CJXQiUGqNPcFonEdME:nixos.org

NixOS Foundation

457 Members
Public room for chatting with the NixOS Foundation Board113 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
13 May 2024
@martijn:id.plebian.nlmartijn left the room.16:06:18
@arianvp:matrix.orgArian left the room.17:38:20
14 May 2024
@edsoncsouza:matrix.org@edsoncsouza:matrix.org joined the room.08:57:21
@chrillefkrr:matrix.orgchrillefkrr joined the room.15:41:37
@infinisil:matrix.orginfinisil changed their profile picture.17:44:39
@james:gec.im@james:gec.im joined the room.21:53:03
15 May 2024
@k900:0upti.meK900 joined the room.08:31:39
@k900:0upti.meK900Hey folks, I've had a few people ask for my vouch on the assembly applications, so I wrote some words and sent them to the foundation@ email08:32:05
@drupol:matrix.orgPolRedacted or Malformed Event09:05:55
@jowburner:matrix.orgjowburner joined the room.12:32:00
@johannes.kirschbauer:scs.ems.host@johannes.kirschbauer:scs.ems.host joined the room.19:25:24
@lassulus:lassul.uslassulus changed their profile picture.19:31:14
@jottr:matrix.orgjottr joined the room.21:16:59
16 May 2024
@ronef:matrix.orgronefAs promised (can't believe we did this in two weeks), the announcement regarding the selection of the Constitutional Assembly is here - https://discourse.nixos.org/t/nixos-foundation-board-constitutional-assembly-appointment/45504 Thank you again to everyone that cared, took time, is taking time to make this progress ❤️03:30:43
@kayh_online:matrix.orgkayh joined the room.14:59:22
@bb010g:matrix.orgDusk Colin: Just read that you were looking for this in the Zulip. Here's the NixOS.org iCalendar file. https://calendar.google.com/calendar/ical/b9o52fobqjak8oq8lfkhg3t0qg%40group.calendar.google.com/public/basic.ics 17:55:33
@piegames:matrix.org@piegames:matrix.org left the room.18:57:17
@fricklerhandwerk:matrix.orgfricklerhandwerk

Hi everyone, I got an email that the Sovereign Tech Fund extended an invitation to the Bug Resilience Program, because we participated in last year's Contribute Back Challenge, which means that Nix/Nixpkgs/NixOS is considered critical infrastructure.

Very briefly, the offer is:

  • Developer time provided by a software consultancy
  • Get hosted on YesWeHack with a bug bounty program, and get an unspecified amount of funding to pay bounties
  • Get security audits conducted by OSTIF

As these are largely in-kind contributions, those require resources to get accepted. Is there interest in the security community to capture that influx of attention?

The applications are "first come first serve", so if the general sentiment is that we should pursue it, that decision and a write-up should happen very soon (presumably on the order of days).
In particular we would have to define a scope to which the audits and bug bounties extend. A natural choice would be C++ Nix, but it could in principle also be the Nixpkgs/NixOS code base or our contribution workflows.

What do you think? I also posted this on Nix Hackers since getting developer time is something we wanted for many months now, and Security Discussions since it's about security.

19:18:59
@kasper24:matrix.orgKasper joined the room.19:57:07

Show newer messages

Back to Room ListRoom Version: 10