!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

677 Members
Coordination and triage of security issues in nixpkgs
211 Servers



Sender | Message | Time
21 May 2021
@kevincox:matrix.org kevincox | Or just drop the "Discussion around" bit as it is redundant. | 23:09:28
@hexa:lossy.network hexa | yup, something like that would be good | 23:09:49
@kevincox:matrix.org kevincox | I don't think I have permission and grahamc seems really busy but maybe we can get that set, or get some more mods when things cool down. | 23:11:10
@grahamc:nixos.org | changed room power levels. | 23:11:27
@hexa:lossy.network hexa | set the room topic to "Coordination and triage of security issues in nixpkgs". | 23:11:54
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/123941 | 23:21:43
@hexa:lossy.network hexa | The homeserver.signing.key is currently world-readable 😢 | 23:22:08
@hexa:lossy.network hexa | We plan to get this merged and backported tomorrow-ish. | 23:22:45
@hexa:lossy.network hexa | * The homeserver.signing.key and media are currently world-readable 😢 | 23:39:07
@hexa:lossy.network hexa | * The homeserver.signing.key and media directory are currently world-readable 😢 | 23:39:28
@hexa:lossy.network hexa | Looks like upstream packaging suffers from a similar issue: https://github.com/matrix-org/synapse/issues/10008 | 23:52:56
@hexa:lossy.network hexa | https://github.com/matrix-org/synapse/issues/1528 | 23:53:15
@andi:kack.it andi- | In practice it isn't really exploitable as the folder is not world readable but that isn't a reason not to do it properly | 23:54:00
@andi:kack.it andi- | At least for our setup. No idea about theirs | 23:54:39
@hexa:lossy.network hexa | yup, the statedirectory is 0700 | 23:56:53
@hexa:lossy.network hexa | so not security strictly, but hygiene | 23:57:09
22 May 2021
@robin.gloster:matrix.mayflower.de globin | joined the room. | 00:05:30
Room Avatar Renderer. | 00:32:52
@andi:kack.it andi- | samueldr: so what phrase do these symbols stand for? 4 letters... | 00:33:53
@samueldr:matrix.org samueldr | andi | 00:34:05
@samueldr:matrix.org samueldr | hexa | 00:34:29
@hexa:lossy.network hexa | why not hexa though? | 00:34:30
@hexa:lossy.network hexa | ahh, there it is | 00:34:35
@samueldr:matrix.org samueldr | choose your poiso | 00:34:37
@samueldr:matrix.org samueldr | * choose your poison | 00:34:39
@hexa:lossy.network hexa | choosing pois | 00:34:45
@samueldr:matrix.org samueldr | fun fact: those are called grawlix | 00:34:57
@andi:kack.it andi- | Can I pick a swear word instead? | 00:35:04
@samueldr:matrix.org samueldr | and it's here to represent what some think when thinking about CVEs and such! | 00:35:18
@grahamc:nixos.org | I've experimentally placed this in a Nix Teams subspace, let me know if this doesn't feel like a good fit. | 00:39:53



Room Version: 6