| 21 Sep 2025 |
 K900 | I would REALLY like to not add a systemd update into the mix | 08:26:24 |
 ElvishJerricco | the benefit of doing it this cycle is just that systemd initrd would benefit from more people using it sooner before release, but it's not that big a deal | 08:26:37 |
| ElvishJerricco | (well, the systemd "update" would just be a small patch to the shutdown code) | 08:27:13 |
| ElvishJerricco | (i'm not talking about 258 right now) | 08:27:25 |
| K900 | Oh | 08:27:29 |
| K900 | Ehhh | 08:27:35 |
| ElvishJerricco | still just don't want to introduce systemd-initrd-by-default in this cycle? That's fine | 08:28:28 |
| K900 | I am at this point genuinely just afraid of touching it lol | 08:28:54 |
| K900 | (outside of fixing cmake 4) | 08:28:59 |
| ElvishJerricco | lol ok | 08:29:30 |
 ofalvai | Small fix for toml11 and LLVM 21: https://github.com/NixOS/nixpkgs/pull/444901 | 09:03:41 |
| K900 | OK there's a lot | 09:54:16 |
| K900 | Of cmake 4 fails | 09:54:24 |
| K900 | And I'm not even close to done | 09:54:34 |
 Vladimír Čunát | Should we call an early ZHF for staging-next this time? 😁 | 11:03:04 |
 Grimmauld (any/all) | there is still libxml that'll break shit | 11:46:28 |
| Vladimír Čunát | I don't expect we even need it in 25.11 when it comes to it. | 11:47:26 |
| Vladimír Čunát | * I don't expect we even need libxml2 2.15 in 25.11 when it comes to it. | 11:47:53 |
| Vladimír Čunát | 2.13 is still getting security fixes apparently, so I expect 2.14 can hold for several more months. | 11:48:36 |
| Grimmauld (any/all) | we are manually backporting them, and only because there is things that insist on the old ABI | 11:52:02 |
| Grimmauld (any/all) | if it were me we'd have dropped that long ago | 11:52:13 |
| Grimmauld (any/all) | i do NOT want to repeat this backport hell on 25.11 | 11:52:22 |
| Vladimír Čunát | 2.13 is getting security fixes upstream | 11:52:48 |
| Vladimír Čunát | Released about a week ago:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/04af2cabb9f859c198b8a553c028a87481199410 | 11:53:15 |
| Grimmauld (any/all) | it got 2.13.9 apparently last week. After like 15 other CVEs went unfixed for several months and we needed to do manual backport | 11:53:25 |
| Grimmauld (any/all) | so yes, that exists, but i am not confident this is something we can bet on for our release | 11:54:03 |
| Grimmauld (any/all) | don't get me wrong, 2.13.9 is nice and we should absolutely pick that to 25.05 and drop our current patches on 25.11 where we have our own patches on top of 2.13.8. However, upstream already announced they'd only be maintaining libxml2 until the end of 2025. The libxslt maintainer said they'd step up for libxml2, but expecting them to carry along old versions is a bet that is quite dangerous. | 11:56:11 |
| Grimmauld (any/all) | I am only willing to do it if you are the idiot volunteering to backport all the patches yourself if 2.14.x doesn't get backports! | 11:56:40 |
| K900 | Actually a decent chance that I'll finish the rebuild today | 11:57:49 |
| Vladimír Čunát | OK. I wasn't really following this long-term, just happened to see this 2.13.9. One possibility is always to piggy-back on some distro that takes security seriously (and happens to follow a particular package branch). | 11:59:17 |
