| 30 Aug 2025 |
 SigmaSquadron | Yes, just confirmed that both 25.05 and 25.11 have all the patches for XSA 471. | 11:49:37 |
| 31 Aug 2025 |
|  @alper-celik:matrix.org left the room. | 16:00:07 |
| 1 Sep 2025 |
|  Lun changed their display name from lun to Lun. | 15:55:15 |
| 2 Sep 2025 |
|  @aidalgol:tchncs.de joined the room. | 21:55:24 |
| 3 Sep 2025 |
|  ghpzin joined the room. | 07:30:05 |
| 4 Sep 2025 |
| @aidalgol:tchncs.de changed their display name from Aidan Gauland to aidalgol[m]. | 11:23:25 |
| @aidalgol:tchncs.de changed their display name from aidalgol[m] to aidalgol. | 11:24:11 |
| 5 Sep 2025 |
|  Chris Norman set a profile picture. | 15:05:04 |
| Chris Norman changed their profile picture. | 15:05:17 |
| 6 Sep 2025 |
|  SomeoneSerge (back on matrix) changed their display name from SomeoneSerge (Ever OOMed by Element) to SomeoneSerge (@nixcon & back on matrix). | 09:24:35 |
| 8 Sep 2025 |
|  Inayet set a profile picture. | 02:16:53 |
 stigo | https://github.com/NixOS/nixpkgs/pull/441228 CVE-2025-40928 and CVE-2025-40929 | 15:32:42 |
| 9 Sep 2025 |
| SigmaSquadron | XSAs #472 & #473: https://github.com/NixOS/nixpkgs/pull/441454
25.05: https://github.com/NixOS/nixpkgs/pull/441455 | 13:02:56 |
|  aciceri changed their display name from zrsk to aciceri. | 15:02:19 |
| 10 Sep 2025 |
| SomeoneSerge (back on matrix) changed their display name from SomeoneSerge (@nixcon & back on matrix) to SomeoneSerge (back on matrix). | 00:38:08 |
 hexa | https://kb.cert.org/vuls/id/461364 no new release yet, releases look like code drops | 02:17:22 |
| hexa | * https://kb.cert.org/vuls/id/461364 no new release yet, releases look like code drops https://gitlab.com/hsleisink/hiawatha/-/commits/master?ref_type=HEADS | 02:17:32 |
| hexa | only maintainer was removed in 2019 and the package has been carried forth since by r-ryantm | 02:20:14 |
| hexa |
Hiawatha is no longer actively supported by the developer, but the developer acknowledges the vulnerabilities and has included mitigations and remediations to all three vulnerabilities in the next release.
| 02:20:34 |
 dish [Fox/It/She] | there aren't any consumers in nixpkgs, nor in any public config repos from a cursory glance at sourcegraph, so since there's no maintainers we could consider dropping | 02:23:29 |
| hexa | https://github.com/NixOS/nixpkgs/pull/441645 | 02:24:21 |
| hexa | same thought | 02:24:26 |
| dish [Fox/It/She] | 🫡 | 02:30:22 |
| dish [Fox/It/She] | considering a drop is technically breaking, add a nixpkgs release note maybe? | 02:30:55 |
| hexa | sure, why not. | 02:33:50 |
| hexa | pushed | 02:33:51 |
| dish [Fox/It/She] | perfect, ty! lgtm | 02:34:48 |
 Grimmauld (any/all) | In reply to @pyrox:pyrox.dev
considering a drop is technically breaking, add a nixpkgs release note maybe? We have throws in aliases.nix, IMO package removals are discoverable enough to not need release notes. Our rlnotes are already entirely unreadable and way too verbose... | 07:06:21 |
| hexa | https://seclists.org/oss-sec/2025/q3/160
https://seclists.org/oss-sec/2025/q3/161 | 09:44:45 |
| dish [Fox/It/She] | In reply to @grimmauld:grapevine.grimmauld.de
We have throws in aliases.nix, IMO package removals are discoverable enough to not need release notes. Our rlnotes are already entirely unreadable and way too verbose... fair | 12:09:37 |
