| 12 May 2025 |
 guider-le-recit | Thank you | 13:53:29 |
| 13 May 2025 |
|  kraem changed their profile picture. | 14:23:51 |
| 14 May 2025 |
|  diamond (it/its) changed their profile picture. | 01:19:34 |
| diamond (it/its) changed their profile picture. | 02:47:09 |
|  NixOS Moderation Bot banned  @dillyp3131:matrix.org (spam). | 16:12:31 |
| 17 May 2025 |
|  terrorjack set a profile picture. | 08:53:39 |
| 19 May 2025 |
|  @orzklv:floss.uz left the room. | 18:05:25 |
| 20 May 2025 |
|  Gwenn Le Bihan joined the room. | 08:13:10 |
| 24 May 2025 |
 raboof | I'm planning a follow-up on https://discourse.nixos.org/t/nixos-reproducible-builds-minimal-installation-iso-successfully-independently-rebuilt/34756 , but I fear we'll need at least https://github.com/NixOS/nixpkgs/pull/410474 before we're back on par | 15:17:48 |
| raboof | and https://github.com/NixOS/nixpkgs/issues/403122 | 21:12:51 |
| 25 May 2025 |
 loudgolem | Redacted or Malformed Event | 02:07:56 |
| 26 May 2025 |
|  matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) joined the room. | 18:44:20 |
| 27 May 2025 |
|  @irenes:matrix.org left the room. | 09:00:57 |
| raboof | https://discourse.nixos.org/t/nixos-reproducible-builds-minimal-installation-iso-successfully-independently-rebuilt/34756/11 🎉 | 17:11:25 |
|  misuzu joined the room. | 22:04:08 |
| 28 May 2025 |
 emily | (what's with the stuff about the 20.03 VirtualBox appliance?) | 01:41:08 |
| raboof | That's what I used as the starting point - new enough that it has the tools needed to build things, old enough that it's unlikely anything from the bootstrap would make it into the target image. It's somewhat arbitrary. | 01:46:06 |
| emily | ah, I see :) | 02:04:44 |
| emily | but you don't need to go back more than a few weeks for staging-next to mean no built packages before then would end up in the closure? | 02:05:16 |
| emily | (ignoring FODs) | 02:05:19 |
| emily | world rebuilds happen a lot more than every half-decade | 02:05:28 |
| raboof | emily: starting from an old image reduces the attack surface for supply chain attacks somewhat: an attacker would've had to infect either the 20.03 image or one of a narrower set of more recent packages. but I agree it's somewhat in the 'long tail' of concerns :) | 06:37:26 |
| emily | because even though it "adds" the risk of vulnerabilities in 20.03 producing incorrect results, one can presume that such an elaborate backdoor would have infected the bootstrap tarballs since then? fair enough | 11:16:47 |
| emily | actually I'm not sure that makes sense – because you're still not rebuilding the bootstrap tarball that's used to build the actual ISO? 🤔 | 11:17:17 |
| raboof | right, if the bootstrap tarball is infected we're toast anyway | 11:50:57 |
| emily | until minimal bootstrap at least :) | 12:00:27 |
| raboof | I could see building an 'evil 25.05 image' that'd insert malware when I'd build the ISO on it. It's much harder to see someone in 2020 building an 'evil 20.03 image' that inserts malware when I build the ISO on it in 2025 | 12:00:30 |
| raboof | not theoretically impossible, of course, which is why bootstrappable builds are still also important, but given the choice building on an 'old' image seems slightly safer than building on a recent image. | 12:02:51 |
| 29 May 2025 |
|  ch joined the room. | 17:26:44 |
| 30 May 2025 |
 fricklerhandwerk | Minimal bootstrap is one cross-compilation of gcc-i686 -> gcc-x86_64 away | 08:05:37 |
