7 Dec 2024 |
hexa | and the maintainer is mpagano | 18:52:13 |
hexa | curses | 18:52:15 |
Winter | some from Intel, some from the guy | 18:52:22 |
8 Dec 2024 |
aleksana (force me to bed after 18:00 UTC) | In reply to @joerg:thalheim.io Is there some issue here, I don't see? https://github.com/NixOS/nixos-wiki-infra/issues/161 Should we explicitly tell users not to report vulnerabilities in the infrastructure publicly? | 03:41:28 |
Tomodachi94 (they/them) | I think we already do through the issue templates. Third option down at https://github.com/NixOS/infra/issues/new/choose | 05:19:52 |
Tomodachi94 (they/them) | I think we already do through the issue templates. Third option down at https://github.com/NixOS/infra/issues/new/choose ignore me, I missed that this is for the wiki infra | 05:20:28 |
Tomodachi94 (they/them) | Probably would be good to copy that issue template to the wiki infra repo as well though | 05:22:03 |
tgerbet | It was leaked on his stream so the info was kinda public already in this case | 09:34:42 |
aidalgol | I daresay that's much much less visible than the project's issue tracker. | 09:38:27 |
@shadowrz:nixos.dev | In reply to @aleksana:mozilla.org Not dealing with package request is even better: https://github.com/NixOS/nixpkgs/issues/308154 I thought you wanted to close it immediately | 10:53:02 |
@shadowrz:nixos.dev | Also follow up: https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2525468276 | 10:53:10 |
emily | yaya and teutat3s, do you need help with electron? | 18:14:24 |
teutat3s | emily: I can get to a version bump later today or tomorrow. If you wanna help, feel free to create a PR | 18:16:21 |
yaya | In reply to @me:indeednotjames.com yaya and teutat3s, do you need help with electron? i'm offline until mid-january | 18:24:58 |
emily | In reply to @teutat3s:pub.solar emily: I can get to a version bump later today or tomorrow. If you wanna help, feel free to create a PR think i would prefer if you could give it a shot first and review request me to get it reviewed and merged.
feel free to dm me on matrix if you need help :)
| 18:50:20 |
9 Dec 2024 |
ElvishJerricco | https://github.com/NixOS/nixpkgs/pull/350097
Does anyone have access to a number of other distros to check which of them disable %h/.ssh/authorized_keys ? That seems unprecedented to me
| 00:07:35 |
hexa | not aware of any that does that | 00:09:07 |
uep | We do this, in a corporate environment, to ensure that keys added on bastions are yubikey-resident, on our issued yubikeys, with a pin required. | 01:33:43 |
uep | It seems ludicrous as a default | 01:34:03 |
hexa | yeah, it is a hardening effort that should be opt-in | 01:35:15 |
hexa | it would be unexpected to deviate from that default | 01:35:30 |
uep | and the original issue seems to be something about sudo not ssh; i'm sure there's some long argument in the middle that's been collapsed/hidden as to how breaking ssh helps that | 01:35:39 |
ElvishJerricco | the problem wasn't even sudo; it was a PAM module that you have to opt into. The PAM module basically says that wheel users can sudo without password as long as their ssh-agent says they've unlocked their SSH key. If you can just add keys in your home-dir, then that's effectively no auth | 01:41:12 |
ElvishJerricco | but that's just a badly designed PAM module IMO | 01:41:29 |
ElvishJerricco | and it has been fixed | 01:41:31 |
uep | yeah, thanks; that's a nice concise description of what i had roughly surmised | 01:43:24 |
uep | i wonder what the fix is, since I can still run my own ssh agent that says whatever I want, even without writing keys in my homedir. For one, i could just forward an agent from elsewhere | 01:45:27 |
uep | and regardless of that i don't see why breaking ssh is helpful | 01:46:47 |