| 14 Oct 2021 |
baloo | j-k: that was just a sarcastic comment, I do not know what your involvement in openssf. But I appreciate any effort toward fixing those issue | 15:40:23 |
baloo | * j-k: that was just a sarcastic comment, I do not know what your involvement in openssf is. But I appreciate any effort toward fixing those issues | 15:40:33 |
baloo | I think nix is one of the best platforms out there to fix those issues, but this is, for sure, the only solution, and other tools need effort | 15:41:45 |
baloo | * I think nix is one of the best platforms out there to fix those issues, but this is, for sure, not the only solution, and other tools need effort | 15:42:01 |
baloo | I did not actually know people reached out :) | 15:42:33 |
baloo | thanks for pointing them out | 15:42:50 |
j-k |
that was just a sarcastic comment
I'm aware, as I said I found it funny too but it was also a good opportunity to get into how we improve some of this
how we can show people the work that everyone has done around nix before they started showing an interest in supply chain
| 15:43:35 |
j-k | Yeah it's a bit difficult to keep up with different messages and such. Matrix and Discourse flow so fast and there's a sea of GH issues
I'm not sure what we can do to solve that though | 15:44:33 |
baloo | I think the dedicated matrix room is a good thing | 15:46:08 |
baloo | maybe ask for dedicated tag on github | 15:46:28 |
baloo | like the one we have for reproducibility issues | 15:46:50 |
baloo | quick question, what does SLSA stand for? | 15:47:05 |
j-k | Supply-chain Levels for Software Artifacts https://slsa.dev/ | 15:47:20 |
j-k | I'll go over a short explanation of Supply Chain (Security) in the Discourse post so it clicks for people where nix already handles some of this | 15:48:13 |
j-k | Also I've noticed most people are fine with the concept of Pipelines (specifically CI/CD pipelines) now but they don't connect that with Supply Chains (e.g. any other supply chain such as food, silicon wafers, etc., just a long chain of inputs and outputs). I was the same at the beginning but then it clicked | 15:51:20 |
baloo | Those are hard problems to solve, and we can't expect everyone to understand it all. There are also a ton of bad examples out there. | 15:56:37 |
j-k | Yep, they're hard problems to solve but on the other hand I'm finding them even harder to solve without nix | 16:05:17 |
tomberek | j-k: I'd be happy to take those conversations and devote some time. | 20:47:08 |
| 15 Oct 2021 |
j-k | For anyone who didn't join the channel but is interested in the post I promised yesterday:
https://discourse.nixos.org/t/over-10-million-donated-for-supply-chain-security-an-opertunity-for-growth-and-adoption/15508 | 10:40:48 |
toonn | What's the new channel for, how does it differ from this one? | 10:51:03 |
Jamie | sounds like someone's testing whether the channel is reproducible :P | 10:53:43 |
j-k | It's to review how nix can solve supply chain security issues, specifically focused on comparing it against the SLSA framework requirements. It can also help us discuss suggestions to feed back to the SLSA framework for changes. Also it straddles Security and Reproducibility
https://matrix.to/#/#nix-slsa:matrix.org
And it's there so this channel doesn't get swamped | 11:43:50 |
j-k | ok it finally sent... not sure why it was having issues | 11:44:17 |
| 16 Oct 2021 |
@trofi:matrix.org | A bit of signal boost in hopes of getting a reviewer: https://github.com/NixOS/nixpkgs/pull/140179 | 15:15:21 |
baloo | could we imagine a more generic approach? | 21:37:53 |
baloo | nevermind | 21:38:21 |
baloo | no | 21:38:22 |
baloo | actually, that could maybe work | 22:47:27 |
baloo | what if ... when doCheck==true, we added a "tests" output | 22:47:44 |