| 6 Sep 2025 |
|  SomeoneSerge (back on matrix) changed their display name from SomeoneSerge (Ever OOMed by Element) to SomeoneSerge (@nixcon & back on matrix). | 09:24:35 |
| 8 Sep 2025 |
|  Inayet set a profile picture. | 02:16:53 |
 stigo | https://github.com/NixOS/nixpkgs/pull/441228 CVE-2025-40928 and CVE-2025-40929 | 15:32:42 |
| 9 Sep 2025 |
 SigmaSquadron | XSAs #472 & #473: https://github.com/NixOS/nixpkgs/pull/441454
25.05: https://github.com/NixOS/nixpkgs/pull/441455 | 13:02:56 |
|  aciceri changed their display name from zrsk to aciceri. | 15:02:19 |
| 10 Sep 2025 |
| SomeoneSerge (back on matrix) changed their display name from SomeoneSerge (@nixcon & back on matrix) to SomeoneSerge (back on matrix). | 00:38:08 |
 hexa | https://kb.cert.org/vuls/id/461364 no new release yet, releases look like code drops | 02:17:22 |
| hexa | * https://kb.cert.org/vuls/id/461364 no new release yet, releases look like code drops https://gitlab.com/hsleisink/hiawatha/-/commits/master?ref_type=HEADS | 02:17:32 |
| hexa | only maintainer was removed in 2019 and the package has been carried forth since by r-ryantm | 02:20:14 |
| hexa |
Hiawatha is no longer actively supported by the developer, but the developer acknowledges the vulnerabilities and has included mitigations and remediations to all three vulnerabilities in the next release.
| 02:20:34 |
 dish [Fox/It/She] | there aren't any consumers in nixpkgs, nor in any public config repos from a cursory glance at sourcegraph, so since there's no maintainers we could consider dropping | 02:23:29 |
| hexa | https://github.com/NixOS/nixpkgs/pull/441645 | 02:24:21 |
| hexa | same thought | 02:24:26 |
| dish [Fox/It/She] | 🫡 | 02:30:22 |
| dish [Fox/It/She] | considering a drop is technically breaking, add a nixpkgs release note maybe? | 02:30:55 |
| hexa | sure, why not. | 02:33:50 |
| hexa | pushed | 02:33:51 |
| dish [Fox/It/She] | perfect, ty! lgtm | 02:34:48 |
 Grimmauld (any/all) | In reply to @pyrox:pyrox.dev
considering a drop is technically breaking, add a nixpkgs release note maybe? We have throws in aliases.nix, IMO package removals are discoverable enough to not need release notes. Our rlnotes are already entirely unreadable and way too verbose... | 07:06:21 |
| hexa | https://seclists.org/oss-sec/2025/q3/160
https://seclists.org/oss-sec/2025/q3/161 | 09:44:45 |
| dish [Fox/It/She] | In reply to @grimmauld:grapevine.grimmauld.de
We have throws in aliases.nix, IMO package removals are discoverable enough to not need release notes. Our rlnotes are already entirely unreadable and way too verbose... fair | 12:09:37 |
|  @nerves:bark.lgbt left the room. | 12:31:55 |
 Sandro | First time seeing a test without a module 😅 | 13:06:47 |
 niklaskorz | the freshly dropped minecraft package had one too! (oops this is triage, not discussion) | 13:07:23 |
|  Artem Leshchev joined the room. | 16:20:25 |
| Artem Leshchev set a profile picture. | 16:25:49 |
| 11 Sep 2025 |
 K900 | It's a day that ends in Y | 16:15:35 |
| K900 | And you know what that means | 16:15:37 |
| K900 | New! Intel! Side! Channel! Vulns! | 16:15:43 |
| K900 | https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.16.7 | 16:15:44 |
