| 15 Feb 2026 |
 K900 | Or we slap upstream with a fish until they concede that this was a terrible idea | 15:52:08 |
 dish [Fox/It/She] | well its more an issue of having to regenerate all hashes of every dependency for every yarn package, no? unless im misunderstanding this | 15:52:15 |
| K900 | Well we can just have a separate zlib-ng-yarn | 15:52:29 |
| K900 | That's pinned to the exact version of whatever the fuck | 15:52:49 |
 emily | why do we need to do this hash in the FOD btw? | 15:53:12 |
| emily | it seems like the same kind of reproducibility-load-bearing logic that makes us reject new complex FOD dep fetchers... maintaining an old zlib forever doesn't sound fun | 15:54:14 |
| emily | we've had to patch Chromium vendored zlibs for new compilers | 15:54:37 |
| emily | the fetchCargoVendor solution is to split the fetcher FOD and the input-addressed derivation that arranges it into the format Cargo accepts, is that not viable here? | 15:57:02 |
| emily | I guess we still might need the old zlib in that drv | 15:57:19 |
| emily | it's sort of only "nice to have" to check downloads against the lock file though if we have our own hash in Nixpkgs pinning it though right? | 15:58:24 |
| emily | (but admittedly introduces another TOFU step) | 15:58:37 |
 Randy Eckenrode | I have a fix: https://github.com/NixOS/nixpkgs/pull/490757. | 17:16:24 |
| Randy Eckenrode | Do I need to target staging-next? | 17:16:59 |
 Vladimír Čunát | Yes, please. | 17:17:41 |
| Vladimír Čunát | The issue plagues staging-next already. | 17:17:51 |
