| 12 Sep 2025 |
 emily | if there's going to be a new release without vulns it can wait for that | 11:45:26 |
 Sandro 🐧 | I was thinking the same | 11:45:43 |
| emily | package guidelines are pretty clear that we need a good reason to add a new package that has significant vulnerabilities from the start | 11:46:11 |
| emily | I'd do it but not at a computer rn | 11:46:17 |
 leona | i created a revert PR https://github.com/NixOS/nixpkgs/pull/442351. I won't merge that myself, happy for reviews. | 11:52:43 |
| Sandro 🐧 | I already saw that when clicking revert that the commit was already created. Approved, too. | 11:54:56 |
| emily | (personally I don't think we need tons of ceremony for reverting for things that would have been a blocking review if caught hours before merge rather than after. part of the Hintjens optimistic merging doc people like is unilateral reverts if a change is problematic. so I'll hit the merge button) | 11:56:38 |
| 13 Sep 2025 |
|  oak 🏳️🌈♥️ changed their profile picture. | 09:46:05 |
| 14 Sep 2025 |
|  Emma [it/its] joined the room. | 08:39:56 |
| 15 Sep 2025 |
|  @kevincox:matrix.org changed their display name from kevincox to kevincox (moved to @kevincox:kevincox.ca). | 19:40:13 |
| 16 Sep 2025 |
 teutat3s | https://github.com/NixOS/nixpkgs/pull/443455 | Fix CVE-2025-59161 / GHSA-m6c8-98f4-75rr "A malicious room can hide an unrelated room and cause it to be left when the malicious room is left " | 14:41:53 |
 dish [Fox/It/She] | queued to merge, ty! | 16:06:25 |
| Sandro 🐧 | Should we drop goldwarden if it's development is halted?
https://github.com/quexten/goldwarden | 16:16:13 |
 hexa | #security-discuss:nixos.org | 16:18:47 |
| hexa | https://github.com/NixOS/nixpkgs/pull/443573 | 21:57:34 |
| 18 Sep 2025 |
| hexa | https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html | 12:47:05 |
| 19 Sep 2025 |
|  mkg20001 changed their profile picture. | 17:21:04 |
| 20 Sep 2025 |
|  @scr1bbles:matrix.org left the room. | 15:40:33 |
| 21 Sep 2025 |
| hexa | https://paste.swordarmor.fr/raw/GvZ8 | 01:02:15 |
| hexa | * From: Maria Matejka via Bird-downstream <bird-downstream@lists.nic.cz>
To: BIRD downstream maintainers <bird-downstream@lists.nic.cz>
Cc: Maria Matejka <maria.matejka@nic.cz>
Reply-To: BIRD downstream maintainers <bird-downstream@lists.nic.cz>
Date: Fri, 19 Sep 2025 16:05:44 +0200
Subject: [Bird-downstream] Expected release of BIRD 3.0.5 and 3.1.4
[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 4.3K --]
Hello!
Please expect that hopefully on monday we're going to release fixup
versions 3.0.5 and 3.1.4; this time there is an embargoed patch included
so after we're done fixing, we're going to share the TGZs with you
privately before announcing and pushing to the public repository.
Please advise which timing is good for you to coordinate the release.
I would like to aim to monday evening or tuesday morning european time;
if something goes wrong, tuesday evening would be the time.
Thanks!
Maria
--
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
[-- Attachment #2 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.2K --]
_______________________________________________
Bird-downstream mailing list -- bird-downstream@lists.nic.cz
To unsubscribe send an email to bird-downstream-leave@lists.nic.cz
| 01:02:26 |
| 22 Sep 2025 |
|  Felix Schröter changed their display name from Felix Schröter to Felix Schröter (🌄 29.09. – 05.10.). | 09:55:50 |
| hexa | https://trubka.network.cz/pipermail/bird-users/2025-September/018417.html | 21:38:56 |
 Tom | https://github.com/NixOS/nixpkgs/pull/445303 | 22:29:47 |
| hexa | https://seclists.org/oss-sec/2025/q3/177 Jan Tojnar | 23:16:39 |
| hexa | * https://seclists.org/oss-sec/2025/q3/177 webkitgtk Jan Tojnar | 23:16:43 |
| hexa | I'm a bit lost on webkitgtk versioning, we seem to be on 2.50.0 for all versions? | 23:17:48 |
| 23 Sep 2025 |
 vcunat | bird2 is NOT affected by these security issues, by the way. | 05:33:14 |
 Jan Tojnar | yes. The versions in attribute name indicate ABI variant: 6_0 linked against GTK 4 and libsoup 3, 4_1 linked against GTK 3 and libsoup 3, 4_0 linked against GTK 3 and libsoup 2 (insecure) | 09:27:13 |
|  kenji changed their display name from a-kenji to kenji. | 10:38:47 |
| 24 Sep 2025 |
 lennart | release notes are yet to be released, I guess that will open in the next 2-4 hours https://github.com/NixOS/nixpkgs/pull/445709 | 05:28:45 |
