| 11 Sep 2025 |
 hexa | can't believe I subscribed to cups releases 🫣 | 20:37:01 |
| hexa | free for anyone to pick up | 20:37:28 |
| hexa | * free for anyone to pick up, the maintainer is AWOL | 20:37:33 |
 stigo | It's ☕️ :D | 20:52:53 |
| 12 Sep 2025 |
|  @jordanjoel1:matrix.org changed their profile picture. | 03:27:12 |
| @jordanjoel1:matrix.org left the room. | 03:34:39 |
|  @aidalgol:tchncs.de set a profile picture. | 09:21:38 |
 teutat3s | https://github.com/NixOS/nixpkgs/pull/442076 | 11:26:51 |
 Sandro | I would like to bring this package to the attention of the security minded people https://github.com/NixOS/nixpkgs/pull/433307
It is using very old vendored versions of fontforge and poppler, both over 5 years old, and at least poppler contains 10+ CVEs. | 11:35:13 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/439996 | 11:44:42 |
 emily | only been in the tree for 8 hours, let's revert | 11:45:13 |
| emily | if there's going to be a new release without vulns it can wait for that | 11:45:26 |
| Sandro | I was thinking the same | 11:45:43 |
| emily | package guidelines are pretty clear that we need a good reason to add a new package that has significant vulnerabilities from the start | 11:46:11 |
| emily | I'd do it but not at a computer rn | 11:46:17 |
 leona | i created a revert PR https://github.com/NixOS/nixpkgs/pull/442351. I won't merge that myself, happy for reviews. | 11:52:43 |
| Sandro | I already saw that when clicking revert that the commit was already created. Approved, too. | 11:54:56 |
| emily | (personally I don't think we need tons of ceremony for reverting for things that would have been a blocking review if caught hours before merge rather than after. part of the Hintjens optimistic merging doc people like is unilateral reverts if a change is problematic. so I'll hit the merge button) | 11:56:38 |
| 13 Sep 2025 |
|  oak 🏳️🌈♥️ changed their profile picture. | 09:46:05 |
| 14 Sep 2025 |
|  Emma [it/its] joined the room. | 08:39:56 |
| 15 Sep 2025 |
|  kevincox changed their display name from kevincox to kevincox (moved to @kevincox:kevincox.ca). | 19:40:13 |
| 16 Sep 2025 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/443455 | Fix CVE-2025-59161 / GHSA-m6c8-98f4-75rr "A malicious room can hide an unrelated room and cause it to be left when the malicious room is left " | 14:41:53 |
 dish [Fox/It/She] | queued to merge, ty! | 16:06:25 |
| Sandro | Should we drop goldwarden if it's development is halted?
https://github.com/quexten/goldwarden | 16:16:13 |
| hexa | #security-discuss:nixos.org | 16:18:47 |
| hexa | https://github.com/NixOS/nixpkgs/pull/443573 | 21:57:34 |
| 18 Sep 2025 |
| hexa | https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html | 12:47:05 |
| 19 Sep 2025 |
|  mkg20001 changed their profile picture. | 17:21:04 |
| 20 Sep 2025 |
|  @scr1bbles:matrix.org left the room. | 15:40:33 |
| 21 Sep 2025 |
| hexa | https://paste.swordarmor.fr/raw/GvZ8 | 01:02:15 |
