| 25 Mar 2025 |
 emily | we already removed tons of packages for that | 12:43:10 |
| emily | are the remaining ones that important? | 12:43:20 |
| emily | kubernix looks like something that probably won't even work any more and that is likely using ancient/insecure versions if it does | 12:44:25 |
 Toma | okay, I don't really care if it doesn't get merged,
the main thing is that the PR exists so in case someone really wants it they can take the changes | 12:46:13 |
 K900 | What's the packages? | 12:46:44 |
| K900 | Do we have a list? | 12:46:52 |
| Toma | see the linked issue | 12:46:51 |
| K900 | https://github.com/yxdunc/lipl has a v3 lockfile in master and hasn't been touched in 3 years otherwise | 12:47:56 |
| K900 | kubernix author is also its maintainer in nixpkgs | 12:48:40 |
| K900 | We can probably ask for a tag? | 12:48:43 |
| K900 | system-syzygy has a 1.0.2 tag with a v3 lockfile | 12:49:29 |
| K900 | I feel like we can just bump the two and ask the author about the third one | 12:50:53 |
| K900 | And never have this problem again | 12:51:01 |
| Toma | I guess
also, since importCargoLock supports v1 anyways, weird old software can fall back to that | 12:51:50 |
| K900 | Oh let's rip that out too lol | 12:52:12 |
| Toma | I don't really agree: it's very simple to support because importCargoLock is written in nix and can use laziness | 12:54:33 |
| K900 | I'm not thinking about it in terms of difficulty to support tbh | 12:55:04 |
| K900 | I'm thinking about it in terms of policy | 12:55:11 |
| K900 | Any software that still has a pre-v3 lockfile hasn't been touched since what, 2020? | 12:55:33 |
| K900 | We probably don't want to be shipping that | 12:55:44 |
| K900 | Even if we technically can + | 12:55:51 |
| K900 | * Even if we
technically can | 12:56:01 |
| emily | Alyssa removed like 50 packages for having old lock file versions | 13:16:42 |
| emily | so it seems a bit late to start caring about :P | 13:16:47 |
| emily | we can just bump to HEAD | 13:17:56 |
| K900 | Yeah that's what I'm saying | 13:18:08 |
| emily | I really do not think we want to ship a tool using pinned Kubernetes dependencies from 2019. https://github.com/saschagrunert/kubernix#what-is-inside | 13:18:36 |
| emily | like even if this does still function with current Nixpkgs which I am somewhat sceptical about, it's plain dangerous | 13:18:55 |
| emily | https://github.com/saschagrunert/kubernix/issues/1204 declared unmaintained upstream | 13:19:19 |
| emily | release version is apparently broken: https://github.com/saschagrunert/kubernix/issues/720 | 13:20:01 |
