| 8 Oct 2021 |
 baloo | 1449 out of 1517 (95.52%) paths in the nixos.iso_minimal.x86_64-linux installation image are reproducible! | 18:28:24 |
| baloo | okay, same thing then | 18:28:31 |
| baloo | ho, for ea4524e6cc7761c3cc271233fa97b5e7473f760a | 18:28:39 |
| baloo | still a couple hundred commits behind :( | 18:28:47 |
| baloo | so that's without my fix | 18:28:55 |
 tomberek | yeah, we can just hard-bump nix in the repo? one sec | 18:41:10 |
| baloo | it's fixed on nixpkgs master | 18:43:11 |
| 9 Oct 2021 |
| baloo | back at 100% \o/ | 16:53:31 |
 @trofi:matrix.org | \o/ | 17:15:14 |
| tomberek | Woohooo! | 17:19:22 |
| 12 Oct 2021 |
|  wizeman joined the room. | 01:42:06 |
|  eordano joined the room. | 10:07:46 |
| 13 Oct 2021 |
|  rch joined the room. | 18:41:24 |
| baloo | "openssf annonces $10m for investment in software supply chain" | 21:55:19 |
| baloo | nice of them to invest that much money in nix wow | 21:55:30 |
| 14 Oct 2021 |
 j-k | 
Download image.png | 09:09:24 |
| j-k | 
Download image.png | 09:09:41 |
| j-k | Its 10mil funding to the OpenSSF from industry, for the above | 09:10:07 |
| j-k | And that's ignoring the thousands of dollars that have already gone into PyPI to upgrade their platform and implement TheUpdateFramework practices | 09:10:50 |
| j-k | Why is there interest now? Big high profile breaches month after month | 09:11:21 |
| j-k | 
Download image.png | 09:11:24 |
| j-k |
nice of them to invest that much money in nix wow
That's a funny comment but it's also really painful to read
FYI people involved in the Supply Chain Security part of the CNCF Security TAG and the SLSA framework are actually trying multiple times to reach out to the nix community in Discorse and Matrix but it gets f*ck all traction
One person showed interest and joined the channel to discuss SLSA and where nix as-is destroys requirements and pain points with ease
Jean-Paul in both the Dev and Security channels was asking if it was a good idea to put nixpkgs forward for a potential pro-bono security audit at their employer and again f*ck all interest
Then later on we start wondering, where's the funding, where's the adoption? Why is there a massive wave of interest in Supply Chain but they're building from scratch? Why aren't they learning off the OVER 10 years of work around nix/nixpkgs
| 09:11:50 |
| j-k | 
Download image.png | 09:12:08 |
| j-k | https://matrix.to/#/#nix-slsa:matrix.org | 09:12:28 |
| j-k | https://github.com/slsa-framework/slsa/issues/156#issuecomment-930136723 | 09:13:00 |
| j-k | The nix/nixos project is consistently high in graphs covering activity of opensource projects but even with all this supply chain focus, very little attention is going to nix
It was even in the background in the keynotes. | 09:15:54 |
| j-k | 
Download image.png | 09:15:59 |
 Alyssa Ross | j-k: do you have a link to the discourse discussion? | 09:19:32 |
| Alyssa Ross | sad that I've missed this | 09:19:37 |
| j-k | https://discourse.nixos.org/t/generating-software-bill-of-materials-from-derivation/14089 | 09:19:54 |
