| 5 Mar 2026 |
 hexa | then there's months where we get a 147.0.4 flagged as security relevant | 15:27:08 |
| hexa | that means I have to allocate builds on two days each week within one month | 15:28:35 |
| hexa | and that gets a bit stressful and wears me out | 15:28:45 |
| hexa | * that means I have to allocate builds on two consecutive days each week within one month | 15:29:14 |
| hexa | I haven't had to take care of dependencies in sync with firefox bumps, which is nice | 15:30:01 |
| hexa | * I haven't had to deal with dependency updates in sync with firefox bumps, which is nice | 15:31:36 |
| hexa | so not rust, nss, nspr, symbols-scraper, etc. | 15:32:06 |
 jopejoe1 (4094@epvpn) | I think the last few dependency updates were done as I was updating firefox-devedition | 15:36:19 |
| jopejoe1 (4094@epvpn) | Currently working on updating firefox-devedition and getting this nice error:
error: failed to calculate checksum of: /build/firefox-149.0/third_party/rust/cubeb-sys/libcubeb/.gitmodules
Caused by:
failed to open file `/build/firefox-149.0/third_party/rust/cubeb-sys/libcubeb/.gitmodules`
Caused by:
No such file or directory (os error 2)
| 16:11:34 |
 nbp | hexa: do you mind if I share this feedback with the release team? | 16:23:03 |
| hexa | not at all | 16:23:45 |
| hexa | I found out via #Mozilla Security that the 147.0.4 was unnecessary because the libvpx usage in firefox was unrelated 😉 | 16:24:28 |
| hexa | I found out via #Mozilla Security that the 147.0.4 release was unnecessary because the libvpx usage in firefox was unrelated 😉 | 16:24:44 |
| hexa | I found out via #Mozilla Security that the 147.0.4 release was unnecessary because the libvpx usage in firefox was unaffected after all 😉 | 16:24:53 |
| hexa | at first glance this looks like a faulty tarball | 16:27:31 |
| hexa | I suggest reporting this via bmo | 16:27:48 |
| hexa | * I suggest reporting this via mozbz | 16:27:55 |
| hexa | * I suggest reporting this via mozbz/bmo | 16:28:06 |
| 6 Mar 2026 |
| hexa | https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/ | 11:54:05 |
 eveeifyeve | What would someone suggest to patching the git usage here: https://github.com/zen-browser/surfer/blob/ecd6b650f0234402976dde7e775d42aec6568406/src/commands/patches/git-patch.ts#L16-L18? | 13:11:15 |
| 7 Mar 2026 |
| hexa | in the security tracker I noticed that thunderbird has too damn many aliases | 20:23:20 |
| hexa | thunderbird thunderbird-esr thunderbird-latest-bin-unwrapped
thunderbird-128 thunderbird-esr-bin thunderbird-latest-unwrapped
thunderbird-128-unwrapped thunderbird-esr-bin-unwrapped thunderbird-unwrapped
thunderbird-140 thunderbird-esr-unwrapped thunderbirdPackages
thunderbird-140-unwrapped thunderbird-latest
thunderbird-bin thunderbird-latest-bin
| 20:23:52 |
| hexa | plus | 20:24:04 |
| hexa | nix-repl> thunderbirdPackages
{
override = { ... };
overrideDerivation = «lambda overrideDerivation @ /home/hexa/git/nixos/master/lib/customisation.nix:202:32»;
recurseForDerivations = true;
thunderbird = «derivation /nix/store/kwxg8zjp1bfqw3s3qmkajg0crazjgbwq-thunderbird-unwrapped-148.0.drv»;
thunderbird-102 = «error: Thunderbird 102 support ended in September 2023»;
thunderbird-115 = «error: Thunderbird 115 support ended in October 2024»;
thunderbird-128 = «error: Thunderbird 128 support ended in August 2025»;
thunderbird-140 = «derivation /nix/store/a45r4521yxgqrw3rqv4rlk5psazw2mhr-thunderbird-unwrapped-140.7.2esr.drv»;
thunderbird-esr = «derivation /nix/store/a45r4521yxgqrw3rqv4rlk5psazw2mhr-thunderbird-unwrapped-140.7.2esr.drv»;
thunderbird-latest = «derivation /nix/store/kwxg8zjp1bfqw3s3qmkajg0crazjgbwq-thunderbird-unwrapped-148.0.drv»;
}
| 20:24:14 |
| hexa | can we trim that? | 20:24:25 |
 dish [Fox/It/She] | could probably drop the 102 and 115 aliases | 21:43:33 |
| dish [Fox/It/She] | same with 128 if you want | 21:43:46 |
| dish [Fox/It/She] | frankly i don't see a reason for the version-specific aliases, using esr or latest would be the only two reasonable choices imo | 21:44:12 |
| dish [Fox/It/She] | * frankly i don't see a reason for the version-specific aliases, using esr or latest would be the only two reasonable choices imo(besides daily or beta but im not sure if those are packaged) | 21:44:59 |
| 8 Mar 2026 |
|  @aloisw:julia0815.de left the room. | 09:36:29 |
