| 28 Sep 2021 |
 @kraftnix:matrix.org | * one thing i did find very strange was the "hidden" interaction of the lockfile.
i.e. not having an input defined in flake.nix (or inputs of inputs), but having it defined in flake.lock (because it used to exist) and having that lockfile forever lock on a specific version. the UX of that felt very strange and unexpected, i would have rathered a more explicit error or warning as i had an old input (nur) for 3 months before it threw an error for a different reason which made me realise this behaviour even existed. | 21:28:36 |
| 29 Sep 2021 |
|  @florian:web3.foundation joined the room. | 11:30:57 |
| @florian:web3.foundation | I was trying out DevOS but I hit #376 right away. It seems this was already fixed in digga but the update in #378 seem to wait for more reviewers. Currently this makes for a rather bad user experience for new users. | 11:52:20 |
|  @anderscs:matrix.org joined the room. | 13:06:53 |
 @timdeh:matrix.org | I just had bors merge #378 | 15:38:57 |
| @timdeh:matrix.org | sorry about the trouble, the follows patch should be completely removed at this point since it is now upstream | 15:39:19 |
 Pacman99 | thank you for merging that | 15:44:56 |
| Pacman99 | Also I'm going to commit a quickfix for https://github.com/divnix/digga/commit/44ae205cf72802d0271d59275fed359d5598c3d4#r57149349 to digga main | 15:45:06 |
| Pacman99 | Thank you princemachiavelli for catching that | 15:45:25 |
| Pacman99 | https://github.com/divnix/digga/commit/46c7c712d79ea627faf74739a2e89438a9d214f8 | 15:48:06 |
| @florian:web3.foundation | In reply to @timdeh:matrix.org
sorry about the trouble, the follows patch should be completely removed at this point since it is now upstream No problem, I really appricate the work you have been doing. Just thought mentioning it here might give it some more attention. | 16:56:52 |
| @florian:web3.foundation | Btw, is anybody here using a security key (e.g. yubikey, nitrokey, etc.)? It seems to me that age-nix is not really capable of ever supporting them (due to the way age works) and sops-nix would be a far better candidate. | 17:42:42 |
| Pacman99 | I thought age got support for some security key | 21:03:58 |
 David Arnold (blaggacao) | Florian | W3F - OoO Mon/Tue yeah, please keep pushing on the things you might encounter. 🙂 | 21:39:32 |
| @florian:web3.foundation | In reply to @pachumicchu:myrdd.info
I thought age got support for some security key It seems that age can indeed be used via PIV, but it has some limits, e.g. no RSA4096. | 21:51:29 |
| @florian:web3.foundation | I also just learned that sops now supports age. 😁 | 21:51:48 |
| David Arnold (blaggacao) | sops covers other use cases like secret lease that we don't want to support for devos, since the (current) scope is user machines.
And between pgp & age as the remaining options, we wanted to default to age. | 22:02:18 |
| David Arnold (blaggacao) | sops would be just an additional layer of complexity, in this case. | 22:02:45 |
| David Arnold (blaggacao) | * `sops` covers other use cases like secret lease that we don't want to support for devos, since the (current) scope is user machines.
And between pgp & age as the remaining backend options in `sops`, we wanted to default to `age`. | 22:03:41 |
| @timdeh:matrix.org | Florian | W3F - OoO Mon/Tue:
https://github.com/ryantm/agenix/pull/46 | 22:22:34 |
| @timdeh:matrix.org | It works, just have to make a slight trade off, either never require PIN or always require it. This is better than it was before where there was not even the option to not require the PIN, but it'll be more granular once work on an agent is worked out | 22:23:43 |
| 30 Sep 2021 |
| @kraftnix:matrix.org | In reply to @timdeh:matrix.org
Florian | W3F - OoO Mon/Tue:
https://github.com/ryantm/agenix/pull/46 i have been using this PR since you made it with no issues | 08:29:10 |
| @florian:web3.foundation | I am glad I asked, this is awesome. I have been working on generating Ed25519-based GPG and PIV keys from mnemonics (with the help of BIP39 dictionaries) to be used with security keys. | 08:44:28 |
| @florian:web3.foundation | A very rudimentary version can be found here: https://github.com/gliology/mind-the-gap | 08:48:31 |
| David Arnold (blaggacao) | Florian | W3F - OoO Mon/Tue very interesting! Can you make that work with age? As a general stance, I hold the opinion that we should try to further the deprecation of pgp wherever we can. | 13:51:47 |
| @florian:web3.foundation | In reply to @blaggacao:matrix.org
Florian | W3F - OoO Mon/Tue very interesting! Can you make that work with age? As a general stance, I hold the opinion that we should try to further the deprecation of pgp wherever we can. I have been working on PIV support with the same library the age plugin uses, so there should be nothing in the way of it. It just needs some more fine tuning. | 13:54:29 |
| @florian:web3.foundation | Also it seems the age plugin currently uses P265, so far I have been focusing on Ed25519. | 13:55:33 |
| @florian:web3.foundation | It should also be fairly easy to generate the key on the host and to output it as mnemonic before writing it to the yubikey inside the age plugin. | 13:57:09 |
| Pacman99 | I don't really have an opinion on master vs main for branch names, but can we make sure devos and digga use the same convention. Its really confusing having to switch between the in such connected projects. | 18:05:23 |
| Pacman99 | * I don't really have an opinion on master vs main for branch names, but can we make sure devos and digga use the same convention. Its really confusing having to switch between them in such connected projects. | 18:05:37 |
