| 21 Sep 2025 |
 Grimmauld (any/all) | don't get me wrong, 2.13.9 is nice and we should absolutely pick that to 25.05 and drop our current patches on 25.11 where we have our own patches on top of 2.13.8. However, upstream already announced they'd only be maintaining libxml2 until the end of 2025. The libxslt maintainer said they'd step up for libxml2, but expecting them to carry along old versions is a bet that is quite dangerous. | 11:56:11 |
| Grimmauld (any/all) | I am only willing to do it if you are the idiot volunteering to backport all the patches yourself if 2.14.x doesn't get backports! | 11:56:40 |
 K900 | Actually a decent chance that I'll finish the rebuild today | 11:57:49 |
 Vladimír Čunát | OK. I wasn't really following this long-term, just happened to see this 2.13.9. One possibility is always to piggy-back on some distro that takes security seriously (and happens to follow a particular package branch). | 11:59:17 |
| K900 | Somehow | 11:57:52 |
| Grimmauld (any/all) | debian is still on ANCIENT versions with tens of patches. Fedora could work... | 12:02:12 |
| Grimmauld (any/all) | i expect arch to just yolo, either upgrading or not patching. That is the arch way anyways, i have looked at this before. | 12:02:46 |
| Grimmauld (any/all) | yeah arch already did 2.15.0 | 12:03:20 |
| Grimmauld (any/all) | https://repology.org/project/libxml2/versions | 12:03:23 |
| Grimmauld (any/all) | wait even fedora is still on 2.12 | 12:03:47 |
| Vladimír Čunát | Fedora is 2.12 ?!
https://packages.fedoraproject.org/pkgs/libxml2/libxml2/ | 12:03:47 |
| Grimmauld (any/all) | ugh | 12:03:48 |
| Vladimír Čunát | Ubuntu also doesn't go beyond 2.12. | 12:04:20 |
| Vladimír Čunát | * Ubuntu also doesn't go beyond 2.12 thus far. | 12:04:25 |
| Grimmauld (any/all) | gentoo is patching along 2.13 | 12:04:27 |
| Grimmauld (any/all) | and apparently 2.14 too | 12:04:42 |
| Vladimír Čunát | * Ubuntu also doesn't go beyond 2.12 thus far. (just following Debian in here, I expect) | 12:04:44 |
| Grimmauld (any/all) | so i guess we could fetch gentoo | 12:04:50 |
| Vladimír Čunát | Ah, they have a separate package after the ABI bump?
https://packages.ubuntu.com/questing/libxml2-16 | 12:05:58 |
| Vladimír Čunát | It all looks like a mess. | 12:06:18 |
| Grimmauld (any/all) | thats what i am saying | 12:06:55 |
| Grimmauld (any/all) | i don't want to carry more than necessary | 12:07:04 |
| Vladimír Čunát | Too new version can also create work, as you see, but the security maintenance work is hard to predict. Though recently they did have lots of CVEs. | 12:10:06 |
| Vladimír Čunát | Anyway, if you think 2.15 will be better, I certainly don't oppose that. | 12:10:49 |
| K900 | So who's getting sniped into writing multilib stdenv for 26.05 | 12:22:22 |
| K900 | (please don't be me) | 12:22:29 |
| K900 | (this message is brought to you by pandoc-i686-linux) | 12:24:03 |
 emily | I trust containers org | 13:11:42 |
| emily | so switching seems good | 13:11:46 |
| K900 | If you want to snipe me to it, feel free | 13:12:04 |
