| 12 Sep 2025 |
teutat3s | https://github.com/NixOS/nixpkgs/pull/442076 | 11:26:51 |
Sandro | I would like to bring this package to the attention of the security-minded people: https://github.com/NixOS/nixpkgs/pull/433307
It is using very old vendored versions of fontforge and poppler, both over 5 years old, and at least poppler contains 10+ CVEs. | 11:35:13 |
teutat3s | https://github.com/NixOS/nixpkgs/pull/439996 | 11:44:42 |
emily | only been in the tree for 8 hours, let's revert | 11:45:13 |
emily | if there's going to be a new release without vulns it can wait for that | 11:45:26 |
Sandro | I was thinking the same | 11:45:43 |
emily | package guidelines are pretty clear that we need a good reason to add a new package that has significant vulnerabilities from the start | 11:46:11 |
emily | I'd do it but not at a computer rn | 11:46:17 |