!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

662 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22205 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
11 Jan 2025
@sigmasquadron:matrix.orgSigmaSquadron changed their display name from SigmaSquadron (Away until 2025-01-11) to SigmaSquadron.15:06:34
@hexa:lossy.networkhexahttps://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v816:21:59
@hexa:lossy.networkhexa * https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 vim Philip Taron (UTC-8) 16:24:52
@philiptaron:matrix.orgPhilip Taron (UTC-8)On it16:28:08
@philiptaron:matrix.orgPhilip Taron (UTC-8)Will still be a staging PR due to number of rebuilds (all vim plugins)16:29:19
@philiptaron:matrix.orgPhilip Taron (UTC-8)* Will still be a staging PR due to number of rebuilds (all vim plugins) also because IMO these vulns for code editing are only so bad16:29:49
@hexa:lossy.networkhexathe commit looks fairly straightforward to backport into staging-24.1116:30:34
@hexa:lossy.networkhexa * the commit looks fairly straightforward to backport into staging-24.11 16:30:43
@philiptaron:matrix.orgPhilip Taron (UTC-8)I have no problem with backporting the whole editor (patch versions fit into the release branch backports straightforwardly)16:31:19
@philiptaron:matrix.orgPhilip Taron (UTC-8)* I have no problem with backporting the whole editor to staging-24.11 (patch versions fit into the release branch backports straightforwardly)16:31:31
@hexa:lossy.networkhexaif you can ensure there are no breaking changes in there 🙂 16:31:52
@philiptaron:matrix.orgPhilip Taron (UTC-8)I'll look through the commits.16:37:02
@philiptaron:matrix.orgPhilip Taron (UTC-8)https://github.com/NixOS/nixpkgs/pull/37298016:42:56
@oak:universumi.fioak 🏳️‍🌈♥️ changed their profile picture.16:45:21
@oak:universumi.fioak 🏳️‍🌈♥️ removed their profile picture.16:46:24
@oak:universumi.fioak 🏳️‍🌈♥️ set a profile picture.16:46:55
@philiptaron:matrix.orgPhilip Taron (UTC-8)https://github.com/NixOS/nixpkgs/pull/372981 (still reading through the commits)16:51:09
@hexa:lossy.networkhexathat is not a valid backport16:51:51
@hexa:lossy.networkhexa* that is not a valid backport that fits contributing.md16:51:57
@philiptaron:matrix.orgPhilip Taron (UTC-8)tell me more16:52:11
@hexa:lossy.networkhexabackports need to be cherry-picks from master if possible16:52:40
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#manually-backporting-changes16:53:23

Show newer messages

Back to Room ListRoom Version: 6