!LemuOOvbWqRXodtSsw:nixos.org

NixOS Reproducible Builds

492 Members
Report: https://reproducible.nixos.org Project progress: https://github.com/orgs/NixOS/projects/30107 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
17 May 2025
@terrorjack:matrix.orgterrorjack set a profile picture.08:53:39
19 May 2025
@orzklv:floss.uz@orzklv:floss.uz left the room.18:05:25
20 May 2025
@glebihan:laas.frGwenn Le Bihan joined the room.08:13:10
24 May 2025
@raboof:matrix.orgraboofI'm planning a follow-up on https://discourse.nixos.org/t/nixos-reproducible-builds-minimal-installation-iso-successfully-independently-rebuilt/34756 , but I fear we'll need at least https://github.com/NixOS/nixpkgs/pull/410474 before we're back on par15:17:48
@raboof:matrix.orgraboofand https://github.com/NixOS/nixpkgs/issues/40312221:12:51
25 May 2025
@phanirithvij:matrix.orgloudgolemRedacted or Malformed Event02:07:56
26 May 2025
@deeok:matrix.orgmatrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) joined the room.18:44:20
27 May 2025
@irenes:matrix.org@irenes:matrix.org left the room.09:00:57
@raboof:matrix.orgraboofhttps://discourse.nixos.org/t/nixos-reproducible-builds-minimal-installation-iso-successfully-independently-rebuilt/34756/11 🎉17:11:25
@misuzu:matrix.orgmisuzu joined the room.22:04:08
28 May 2025
@emilazy:matrix.orgemily(what's with the stuff about the 20.03 VirtualBox appliance?)01:41:08
@raboof:matrix.orgraboofThat's what I used as the starting point - new enough that it has the tools needed to build things, old enough that it's unlikely anything from the bootstrap would make it into the target image. It's somewhat arbitrary.01:46:06
@emilazy:matrix.orgemilyah, I see :)02:04:44
@emilazy:matrix.orgemily but you don't need to go back more than a few weeks for staging-next to mean no built packages before then would end up in the closure? 02:05:16
@emilazy:matrix.orgemily(ignoring FODs)02:05:19
@emilazy:matrix.orgemilyworld rebuilds happen a lot more than every half-decade02:05:28
@raboof:matrix.orgraboof emily: starting from an old image reduces the attack surface for supply chain attacks somewhat: an attacker would've had to infect either the 20.03 image or one of a narrower set of more recent packages. but I agree it's somewhat in the 'long tail' of concerns :) 06:37:26
@emilazy:matrix.orgemilybecause even though it "adds" the risk of vulnerabilities in 20.03 producing incorrect results, one can presume that such an elaborate backdoor would have infected the bootstrap tarballs since then? fair enough11:16:47

Show newer messages

Back to Room ListRoom Version: 6