| 11 Sep 2025 |
 hexa | * free for anyone to pick up, the maintainer is AWOL | 20:37:33 |
 stigo | It's ☕️ :D | 20:52:53 |
| 12 Sep 2025 |
|  @jordanjoel1:matrix.org changed their profile picture. | 03:27:12 |
| @jordanjoel1:matrix.org left the room. | 03:34:39 |
|  @aidalgol:tchncs.de set a profile picture. | 09:21:38 |
 teutat3s | https://github.com/NixOS/nixpkgs/pull/442076 | 11:26:51 |
 Sandro 🐧 | I would like to bring this package to the attention of the security minded people https://github.com/NixOS/nixpkgs/pull/433307
It is using very old vendored versions of fontforge and poppler, both over 5 years old, and at least poppler contains 10+ CVEs. | 11:35:13 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/439996 | 11:44:42 |
 emily | only been in the tree for 8 hours, let's revert | 11:45:13 |
| emily | if there's going to be a new release without vulns it can wait for that | 11:45:26 |
| Sandro 🐧 | I was thinking the same | 11:45:43 |
| emily | package guidelines are pretty clear that we need a good reason to add a new package that has significant vulnerabilities from the start | 11:46:11 |
| emily | I'd do it but not at a computer rn | 11:46:17 |
 leona | i created a revert PR https://github.com/NixOS/nixpkgs/pull/442351. I won't merge that myself, happy for reviews. | 11:52:43 |
| Sandro 🐧 | I already saw that when clicking revert that the commit was already created. Approved, too. | 11:54:56 |
| emily | (personally I don't think we need tons of ceremony for reverting for things that would have been a blocking review if caught hours before merge rather than after. part of the Hintjens optimistic merging doc people like is unilateral reverts if a change is problematic. so I'll hit the merge button) | 11:56:38 |
| 13 Sep 2025 |
|  oak 🏳️🌈♥️ changed their profile picture. | 09:46:05 |
| 14 Sep 2025 |
|  Emma [it/its] joined the room. | 08:39:56 |
| 15 Sep 2025 |
|  @kevincox:matrix.org changed their display name from kevincox to kevincox (moved to @kevincox:kevincox.ca). | 19:40:13 |
| 16 Sep 2025 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/443455 | Fix CVE-2025-59161 / GHSA-m6c8-98f4-75rr "A malicious room can hide an unrelated room and cause it to be left when the malicious room is left " | 14:41:53 |
 dish [Fox/It/She] | queued to merge, ty! | 16:06:25 |
| Sandro 🐧 | Should we drop goldwarden if it's development is halted?
https://github.com/quexten/goldwarden | 16:16:13 |
| hexa | #security-discuss:nixos.org | 16:18:47 |
| hexa | https://github.com/NixOS/nixpkgs/pull/443573 | 21:57:34 |
| 18 Sep 2025 |
| hexa | https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html | 12:47:05 |
| 19 Sep 2025 |
|  mkg20001 changed their profile picture. | 17:21:04 |
| 20 Sep 2025 |
|  @scr1bbles:matrix.org left the room. | 15:40:33 |
| 21 Sep 2025 |
| hexa | https://paste.swordarmor.fr/raw/GvZ8 | 01:02:15 |
| hexa | * From: Maria Matejka via Bird-downstream <bird-downstream@lists.nic.cz>
To: BIRD downstream maintainers <bird-downstream@lists.nic.cz>
Cc: Maria Matejka <maria.matejka@nic.cz>
Reply-To: BIRD downstream maintainers <bird-downstream@lists.nic.cz>
Date: Fri, 19 Sep 2025 16:05:44 +0200
Subject: [Bird-downstream] Expected release of BIRD 3.0.5 and 3.1.4
[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 4.3K --]
Hello!
Please expect that hopefully on monday we're going to release fixup
versions 3.0.5 and 3.1.4; this time there is an embargoed patch included
so after we're done fixing, we're going to share the TGZs with you
privately before announcing and pushing to the public repository.
Please advise which timing is good for you to coordinate the release.
I would like to aim to monday evening or tuesday morning european time;
if something goes wrong, tuesday evening would be the time.
Thanks!
Maria
--
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
[-- Attachment #2 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.2K --]
_______________________________________________
Bird-downstream mailing list -- bird-downstream@lists.nic.cz
To unsubscribe send an email to bird-downstream-leave@lists.nic.cz
| 01:02:26 |
| 22 Sep 2025 |
|  Felix Schröter changed their display name from Felix Schröter to Felix Schröter (🌄 29.09. – 05.10.). | 09:55:50 |
