| 13 Nov 2025 |
 K900 | In it goes then | 11:08:47 |
 Grimmauld (any/all) | systemd 258.2 update was already merged, as well as the sdl regression fixes | 11:10:26 |
| Grimmauld (any/all) | https://github.com/HDFGroup/hdf5/milestone/10 is STILL not released | 11:11:02 |
| Grimmauld (any/all) | wait no | 11:11:14 |
| Grimmauld (any/all) | SHIT | 11:11:15 |
| Grimmauld (any/all) | it is released | 11:11:17 |
| Grimmauld (any/all) | https://github.com/HDFGroup/hdf5/releases/tag/2.0.0 | 11:11:23 |
| Grimmauld (any/all) | and fixes like 7 CVEs | 11:11:26 |
| Grimmauld (any/all) | so uhhh | 11:11:30 |
| K900 | Major version | 11:11:46 |
| Grimmauld (any/all) | this is also probably a breaking change, hdf5 updates are a pain and this is even a major update | 11:11:49 |
 Ben Sparks | "Transitioned to CMake-only builds, and Autotools is no longer in use." 🙏 a blessing | 11:12:04 |
| K900 | It's joever | 11:12:09 |
| Grimmauld (any/all) | i knew hdf5 was a painful thing | 11:12:19 |
| Grimmauld (any/all) | i am not sure what to do about it | 11:12:28 |
| Grimmauld (any/all) | https://matrix.to/#/!ZRgXNaHrdpGqwUnGnj:nixos.org/$YdiIe9QgB7r5b4H0_SMPTxnI-PFO7xUk9tSmpkb213A?via=nixos.org&via=matrix.org&via=nixos.dev
the CVEs are here | 11:13:06 |
| Grimmauld (any/all) | I don't have the time to look into hdf5 for another ~6h, i am also not sure i really want to | 11:14:21 |
| Grimmauld (any/all) | i am relying on hdf5 for my bachelors thesis (though not from nixpkgs), i have some idea about the pain with it | 11:15:02 |
| Grimmauld (any/all) | (probably not helped by the fact i need to build hdf5 for msvc tooling, but oh well) | 11:15:16 |
| Grimmauld (any/all) | the problem is: Not doing this upgrade means we'll have the CVEs on stable. Doing this upgrade is potentially breaking and will completely break the release schedule when we need to revert. | 11:17:03 |
| Grimmauld (any/all) | Either way is not great | 11:17:11 |
 leona | it's probably very awful to backport these patches? | 11:18:17 |
| Grimmauld (any/all) | I didn't explicitly look, but its quite a few CVEs and over half a year of development in an active repo makes me dread the merge conflicts | 11:19:02 |
| leona | fun | 11:19:26 |
| Grimmauld (any/all) | but fair, we could try backporting CVE fixes, then do 2.0.0 on unstable after branch-off (and backport that later if it doesn't break too much stuff on the then-unstable) | 11:19:45 |
| leona | that would be wonderful if that works IMO | 11:20:07 |
| Grimmauld (any/all) | but that needs someone with spoons fixing merge conflicts | 11:20:20 |
| Grimmauld (any/all) | ehmry is the listed maintainer, that won't fly | 11:20:34 |
| Grimmauld (any/all) | I mean i can look in ~6h, but if you want to start the staging cycle before then, then good luck | 11:20:59 |
| K900 | I can look, like, now | 11:22:00 |
