| 28 May 2021 |
|  Emil Karlson set a profile picture. | 10:04:01 |
|  okpedersen joined the room. | 13:07:57 |
| 29 May 2021 |
|  Ochoa joined the room. | 02:31:20 |
|  justinrestivo changed their display name from justinrestivo to oh caml >>=. | 12:20:55 |
| justinrestivo changed their profile picture. | 12:21:58 |
| justinrestivo changed their display name from oh caml >>= to justinrestivo. | 12:22:25 |
| justinrestivo changed their profile picture. | 12:23:57 |
|  Mark left the room. | 19:13:37 |
|  cyplo joined the room. | 19:58:51 |
|  antifuchs joined the room. | 22:37:13 |
| antifuchs set a profile picture. | 22:49:09 |
| 31 May 2021 |
|  morrpl joined the room. | 00:09:42 |
|  [0x4A6F] changed their display name from [0x4A6F] to 0x4A6F. | 08:24:28 |
|  isti115 joined the room. | 09:22:01 |
|  jfroche joined the room. | 18:35:26 |
| 1 Jun 2021 |
| [0x4A6F] changed their display name from 0x4A6F to [0x4A6F]. | 06:36:29 |
|  stigo left the room. | 13:14:47 |
| 3 Jun 2021 |
 andi- | I know I talked about it a few times on IRC but I finally sat down and implemented an experiment to provide opt-in hardening for services: https://github.com/andir/nixpkgs/commit/4d9c0cfdab5d681ff0372bf8b5a2ac6e650c9b8c | 17:22:39 |
| andi- | Merging of lists with default values is really bad.. If you want to opt-in to one feature but don't want to repeat the entire exclude list (which is the default value) it becomes repetitive again. | 18:12:12 |
 aaron | andi-: in my opinion this is significantly better than what has been proposed in the past | 19:43:54 |
| aaron | ❤️ andi- | 19:44:03 |
| aaron | i just quickly looked at it... i'll read it when i have more time, but i like this approach more | 19:44:55 |
| andi- | We still have a problem of exlcluding a single mitigation in one of the larger lists but I'll keep iterating | 20:06:20 |
 Las | andi-:
This commit introduces a new
systemd.services.<service-name>.defaultHarddefaultHardening option
that allows specifiying a profile level that should be applied.
| 20:39:28 |
| Las | I assume this is a typo? | 20:39:35 |
| andi- | the long option name? If so, yes. | 21:25:30 |
| 4 Jun 2021 |
| antifuchs | oh, this is pretty neat! | 00:29:37 |
 Roos | andi-: That looks awesome. | 00:32:46 |
| Roos | What's the policy on changing those hardening options? | 00:33:01 |
| Roos | Also, is there a eta-reduction I don't understand or is the unitConfig argument unused? :/ | 00:35:41 |
