| 29 May 2021 |
|  Mark left the room. | 19:13:34 |
|  cyplo joined the room. | 19:59:15 |
|  OneLegend joined the room. | 22:21:31 |
| 30 May 2021 |
 ris_ | if anyone wants to have a go at bumping singularity 3.6.3's umoci dependency to 0.4.7 and thus resolve https://github.com/NixOS/nixpkgs/issues/124678 please be my guest, i give up. golang's packaging tools are :horror: | 00:14:32 |
| OneLegend left the room. | 00:55:27 |
 Sandro | In reply to @r_i_s:matrix.org
if anyone wants to have a go at bumping singularity 3.6.3's umoci dependency to 0.4.7 and thus resolve https://github.com/NixOS/nixpkgs/issues/124678 please be my guest, i give up. golang's packaging tools are :horror: You probably need to create upstream issues for them | 02:32:05 |
| Sandro | In reply to @r_i_s:matrix.org
if anyone wants to have a go at bumping singularity 3.6.3's umoci dependency to 0.4.7 and thus resolve https://github.com/NixOS/nixpkgs/issues/124678 please be my guest, i give up. golang's packaging tools are :horror: * You probably need to create upstream issues/PRs for them | 02:32:18 |
|  Kitty joined the room. | 06:09:43 |
 Arian | It seems NixOS is missing DigiCert's new Root CA. E.g. i can not curl https://signup.cloud.oracle.com | 11:47:00 |
| Arian | How is the nixos trust store kept up to date? | 11:59:36 |
 das_j | In reply to @arianvp:matrix.org
How is the nixos trust store kept up to date? nss's trust store (mozilla) ist used | 13:56:56 |
| das_j | see pkgs/data/misc/cacert | 13:57:38 |
| Arian | Interesting. I think it's something funky with oracle's setup. They aren't returning the entire certificate chain in the handshake | 13:58:06 |
 philipp | That's a really common issue, sadly. | 13:58:55 |
 hexa | das_j: and the nss version in stlabe doesn't change, should we rely on nss_latest for cacerts possibly? | 14:03:04 |
| hexa | * das_j: and the nss version in stable doesn't change, should we rely on nss_latest for cacerts possibly? | 14:03:12 |
 andi- | nss_latest. -> cacert -> world rebuild-ish | 14:07:08 |
| hexa | yup | 14:07:17 |
| andi- | The idea of nss_latest was to exactly avoid world rebuilds | 14:07:18 |
| hexa | fair | 14:07:24 |
| andi- | while still being able to upgrade firefox | 14:07:28 |
| andi- | One option is always to only update cacert indepdendent of NSS | 14:10:28 |
| andi- | Still a world rebuild but not as high impact as changing NSS | 14:10:41 |
| hexa | on master cacert was already decoupled from nss | 14:30:19 |
| hexa | by you :D | 14:30:26 |
| andi- | Yeah :-) | 14:41:07 |
|  rizary_andika (@rizary_:matrix.org) (@rizary:matrix.org) joined the room. | 17:42:25 |
 kunrooted | I haven't asked in here yet
I'm currently writing a paper on security of Nix and NixOS
maybe someone will suggest other ideas to cover in that paper? | 17:50:26 |
| philipp | Challenges of having to update entire channels v.s. being able to update a single package. | 18:16:03 |
| andi- | Benefits of updating entire channels vs. a single package | 18:17:27 |
