| 15 Apr 2026 |
 kuflierl | * i have not read the structs being freed, this is just me assuming there is a pointer somewhere in that strict | 08:09:45 |
| 16 Apr 2026 |
 fgaz | Critical sandbox escape in luanti https://github.com/NixOS/nixpkgs/pull/510535 | 09:09:15 |
 K900 | Maybe just backport the fixed version? It's a videogame, do we really need to worry about breakage here | 09:10:55 |
| fgaz | I don't know, I don't have time to review the breaking changes right now | 09:12:06 |
| fgaz | keep in mind it includes a game server as well. breaking changes might affect server operators | 09:12:44 |
| K900 | OK, going to merge for now | 09:12:44 |
 vcunat | Here's another case of dilemma between pulling breaking changes vs. marking as insecure:
https://github.com/NixOS/nixpkgs/pull/500876 | 11:50:14 |
 Sandro 🐧 | Just build the package on hydra and then people can consume it without pain when allowing it. | 13:35:09 |
 hexa | how about porting the patches? | 13:36:05 |
| vcunat | Another complication is that packages marked as insecure won't be built by Hydra, yes. | 13:47:23 |
| vcunat | * Another complication is (generally) that packages marked as insecure won't be built by Hydra, yes. | 13:48:10 |
| Sandro 🐧 | We are running in absolute circles here, it would make so many things so much easier and things could be marked as vulnerable without having to worry about criplying peoples experience when they do not have a heavy server to compile stuff | 16:29:28 |
| Sandro 🐧 | I try to avoid that as much as possible. If there are not many changes in between that can be easily done but than you can also just update the package.
If there are many changes, I am just going to throw the update on people regardless if there are breaking changes. It just takes to much of my time to properly test those patches on old things I am nowhere using. | 16:31:11 |
| Sandro 🐧 | * I try to avoid that as much as possible. If there are not many changes in between that can be easily done but than you can also just update the package.
If there are many changes, I am just wanting to throw the update on people regardless if there are breaking changes. It just takes to much of my time to properly test those patches on old things I am nowhere using. | 16:36:34 |
 emily | what's going in circles is you restarting this argument unprompted every single time... | 16:37:39 |
| Sandro 🐧 | It is the obvious solution in the room and what I as a maintainer what as an option and I am not heard. | 16:42:41 |
| Sandro 🐧 | * It is the obvious solution in the room and what I as a maintainer want as an option and I am not heard. | 16:42:50 |
| Sandro 🐧 | * It is the obvious solution in the room and what I as a maintainer want as an option and I am not being heard. | 16:42:54 |
| Sandro 🐧 | * It is the obvious solution in the room and what I, as a maintainer, want as an option and I am not being heard. | 16:43:33 |
| Sandro 🐧 | Especially when vulnerabilities are only relevant for a specific use case which might not even be a common one. Than I want to inform users of the software about it and if they for themselves have decided that the vulnerability does not apply to them and they have changed their configs to ignore it and accept the vulnerability than they should not feel a consequence. | 16:45:03 |
| emily | you're being heard, but the response to being heard has been people giving counterarguments and an end result of consensus against that position every time | 16:45:37 |
 leona | please not in this room.. | 16:45:56 |
| Sandro 🐧 | Having to compile software on weak hardware (eg. a Rasperry Pi) is a consequence and sucks. Especially if you do not have a builder on that arch and compilation is expensive.
Me literally yesterday. | 16:46:03 |
| emily | apologies | 16:46:04 |
| emily | thought this was #security-discuss:nixos.org | 16:46:13 |
| 17 Apr 2026 |
 whispers [& it/fae] | re ^: https://github.com/NixOS/nixpkgs/pull/510184 still needs a manual backport to 25.11 and i don't have the time to do that for a while, if someone else wants to pick that up :3 | 14:31:28 |
| vcunat | https://github.com/NixOS/nixpkgs/pull/510931 | 14:52:29 |
 flx | https://github.com/NixOS/nixpkgs/pull/510558 | 16:11:39 |
|  dish [Fox/It/She] changed their profile picture. | 16:58:37 |
|  aaronedev joined the room. | 18:53:50 |
