!UNVBThoJtlIiVwiDjU:nixos.org

Staging

396 Members
Staging merges | Running staging cycles: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+head%3Astaging-next+head%3Astaging-next-25.11 | Review Reports: https://malob.github.io/nix-review-tools-reports/128 Servers

Load older messages


SenderMessageTime
30 Jun 2026
@xokdvium:matrix.orgSergei Zimmerman (xokdvium)Right yeah, I suppose so. Though the breakage seems rather scoped (i.e. 10s wait under yet undeterminted conditions)23:57:46
@hexa:lossy.networkhexathen I gues via staging-next or staging-nixos, whichever comes first23:58:14
@emilazy:matrix.orgemily hexa: any thoughts on ^? 23:59:59
1 Jul 2026
@hexa:lossy.networkhexapretty sure lesuisse already responded on the closed pr00:00:15
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/533237#issuecomment-484406019100:00:30
@emilazy:matrix.orgemilyagreed on picking vs. bumping00:00:50
@emilazy:matrix.orgemily I'm more concerned about whether we put it in staging-next, given the severity 00:00:59
@emilazy:matrix.orgemilyit's ~50k rebuilds per platform but the latest CVE seems pretty awful00:01:21
@emilazy:matrix.orgemilyand iirc wasn't out at the time of that PR?00:01:28
@hexa:lossy.networkhexaannoying00:02:23
@emilazy:matrix.orgemily it does give us the chance to pick up Rust 1.96.1 if we do it, since that was rushed out to ship both the libssh2 fixes and fix a miscompilation bug, though AFAICT the miscompilation bug isn't bad enough to be worth the rebuilds unless we're eating them anyway because of libssh2 00:03:35
@emilazy:matrix.orgemilywe are sufficiently ahead of schedule that it feels like it might be worth eating the rebuilds rather than shipping an RCE for weeks on unstable, but don't feel confident enough to make the call myself. worried about a call not happening until it's throwing away even more builds / delaying things longer though00:05:02
@hexa:lossy.networkhexalet's just do it00:07:31
@hexa:lossy.networkhexait's not the stdenv00:07:37
@hexa:lossy.networkhexait will be highly parallel00:07:44
@hexa:lossy.networkhexadarwin looks idle right now00:07:49
@hexa:lossy.networkhexalinux does 35k/25k steps per day00:08:06
@hexa:lossy.networkhexaso probably a two day delay00:08:25
@hexa:lossy.networkhexathe earlier the changes can be landed the better00:08:40
@emilazy:matrix.orgemilynot sure if I will have the time tonight to prepare a PR that picks the patches, the current one bumps to an unstable version with a ~600 commit delta from the release00:09:36
@emilazy:matrix.orgemilywhich scares me00:09:42
@whispers:catgirl.cloudwhispers [& it/fae]just yoinking the three patches from debian seems very low-risk and sane. diffs are small00:11:10
@hexa:lossy.networkhexayeah, could mean nothing is ready for the (breaking?) changes in there00:11:18
@hexa:lossy.networkhexaI'm not super sure about the full scope; do the three patches cover everything relevant?00:11:49
@hexa:lossy.networkhexaRedacted or Malformed Event00:11:58
@whispers:catgirl.cloudwhispers [& it/fae]they cover the three CVEs I'm aware of and that the rust folks patched. i haven't tracked closely enough to know if there are others, though.00:13:25
@whispers:catgirl.cloudwhispers [& it/fae] * 00:14:09
@whispers:catgirl.cloudwhispers [& it/fae]same three posted about on oss-sec too: https://seclists.org/oss-sec/2026/q2/101000:14:52
@hexa:lossy.networkhexacan you quickly check the pr?00:17:41
@hexa:lossy.networkhexa^00:17:48

Show newer messages


Back to Room ListRoom Version: 6