| 10 May 2025 |
|  @strutztm:strutztm.de left the room. | 19:52:02 |
| 12 May 2025 |
 guider-le-recit | While this is unfortunante, I managed to learn a lot during the contribution period. Can i continue with my prior work even though im not an outrachy intern | 13:19:15 |
 Fernando Rodrigues | In reply to @guider-le-recit:matrix.org
While this is unfortunante, I managed to learn a lot during the contribution period. Can i continue with my prior work even though im not an outrachy intern Of course! You can still be a volunteer like the rest of us! | 13:19:49 |
| guider-le-recit | and i can still ask questions when things get confusing? | 13:21:14 |
| Fernando Rodrigues | Of course. | 13:22:04 |
| guider-le-recit | Thank you | 13:53:29 |
| 13 May 2025 |
|  kraem changed their profile picture. | 14:23:51 |
| 14 May 2025 |
|  diamond (it/its) changed their profile picture. | 01:19:34 |
| diamond (it/its) changed their profile picture. | 02:47:09 |
|  NixOS Moderation Bot banned  @dillyp3131:matrix.org (spam). | 16:12:31 |
| 17 May 2025 |
|  terrorjack set a profile picture. | 08:53:39 |
| 19 May 2025 |
|  @orzklv:floss.uz left the room. | 18:05:25 |
| 20 May 2025 |
|  Gwenn Le Bihan joined the room. | 08:13:10 |
| 24 May 2025 |
 raboof | I'm planning a follow-up on https://discourse.nixos.org/t/nixos-reproducible-builds-minimal-installation-iso-successfully-independently-rebuilt/34756 , but I fear we'll need at least https://github.com/NixOS/nixpkgs/pull/410474 before we're back on par | 15:17:48 |
| raboof | and https://github.com/NixOS/nixpkgs/issues/403122 | 21:12:51 |
| 25 May 2025 |
 loudgolem | Redacted or Malformed Event | 02:07:56 |
| 26 May 2025 |
|  matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) joined the room. | 18:44:20 |
| 27 May 2025 |
|  @irenes:matrix.org left the room. | 09:00:57 |
| raboof | https://discourse.nixos.org/t/nixos-reproducible-builds-minimal-installation-iso-successfully-independently-rebuilt/34756/11 🎉 | 17:11:25 |
|  misuzu joined the room. | 22:04:08 |
| 28 May 2025 |
 emily | (what's with the stuff about the 20.03 VirtualBox appliance?) | 01:41:08 |
| raboof | That's what I used as the starting point - new enough that it has the tools needed to build things, old enough that it's unlikely anything from the bootstrap would make it into the target image. It's somewhat arbitrary. | 01:46:06 |
| emily | ah, I see :) | 02:04:44 |
| emily | but you don't need to go back more than a few weeks for staging-next to mean no built packages before then would end up in the closure? | 02:05:16 |
| emily | (ignoring FODs) | 02:05:19 |
| emily | world rebuilds happen a lot more than every half-decade | 02:05:28 |
| raboof | emily: starting from an old image reduces the attack surface for supply chain attacks somewhat: an attacker would've had to infect either the 20.03 image or one of a narrower set of more recent packages. but I agree it's somewhat in the 'long tail' of concerns :) | 06:37:26 |
| emily | because even though it "adds" the risk of vulnerabilities in 20.03 producing incorrect results, one can presume that such an elaborate backdoor would have infected the bootstrap tarballs since then? fair enough | 11:16:47 |
| emily | actually I'm not sure that makes sense – because you're still not rebuilding the bootstrap tarball that's used to build the actual ISO? 🤔 | 11:17:17 |
| raboof | right, if the bootstrap tarball is infected we're toast anyway | 11:50:57 |
