NixOS Reproducible Builds - Public Room Timeline

	NixOS Reproducible Builds	544 Members
	Report: https://reproducible.nixos.org Project progress: https://github.com/orgs/NixOS/projects/30	123 Servers

Load older messages

Sender	Message	Time
8 Oct 2021
baloo	https://buildkite.com/tomberek/r13y/builds/22	18:26:37
baloo	I grabbed the iso_minimal report artifact here	18:26:47
baloo	I think	18:26:49
baloo	meh	18:27:02
baloo	I mixed up my tar files	18:27:13
baloo	1449 out of 1517 (95.52%) paths in the nixos.iso_minimal.x86_64-linux installation image are reproducible!	18:28:24
baloo	okay, same thing then	18:28:31
baloo	ho, for ea4524e6cc7761c3cc271233fa97b5e7473f760a	18:28:39
baloo	still a couple hundred commits behind :(	18:28:47
baloo	so that's without my fix	18:28:55
tomberek	yeah, we can just hard-bump nix in the repo? one sec	18:41:10
baloo	it's fixed on nixpkgs master	18:43:11
9 Oct 2021
baloo	back at 100% \o/	16:53:31
@trofi:matrix.org	\o/	17:15:14
tomberek	Woohooo!	17:19:22
12 Oct 2021
	wizeman joined the room.	01:42:06
	eordano joined the room.	10:07:46
13 Oct 2021
	rch joined the room.	18:41:24
baloo	"openssf annonces $10m for investment in software supply chain"	21:55:19
baloo	nice of them to invest that much money in nix wow	21:55:30
14 Oct 2021
j-k	Download image.png	09:09:24
j-k	Download image.png	09:09:41
j-k	Its 10mil funding to the OpenSSF from industry, for the above	09:10:07
j-k	And that's ignoring the thousands of dollars that have already gone into PyPI to upgrade their platform and implement TheUpdateFramework practices	09:10:50
j-k	Why is there interest now? Big high profile breaches month after month	09:11:21
j-k	Download image.png	09:11:24
j-k	nice of them to invest that much money in nix wow That's a funny comment but it's also really painful to read FYI people involved in the Supply Chain Security part of the CNCF Security TAG and the SLSA framework are actually trying multiple times to reach out to the nix community in Discorse and Matrix but it gets fck all traction One person showed interest and joined the channel to discuss SLSA and where nix as-is destroys requirements and pain points with ease Jean-Paul in both the Dev and Security channels was asking if it was a good idea to put nixpkgs forward for a potential pro-bono security audit* at their employer and again f*ck all interest Then later on we start wondering, where's the funding, where's the adoption? Why is there a massive wave of interest in Supply Chain but they're building from scratch? Why aren't they learning off the OVER 10 years of work around nix/nixpkgs	09:11:50
j-k	Download image.png	09:12:08
j-k	https://matrix.to/#/#nix-slsa:matrix.org	09:12:28
j-k	https://github.com/slsa-framework/slsa/issues/156#issuecomment-930136723	09:13:00

Show newer messages

Back to Room ListRoom Version: 6