| 22 Aug 2025 |
|  June joined the room. | 02:57:43 |
|  @julian:nekover.se left the room. | 03:09:18 |
 leona | valkey security release https://github.com/valkey-io/valkey/releases/tag/8.0.5 | 15:00:50 |
| leona | as far as i see only affects 25.05. https://github.com/NixOS/nixpkgs/pull/435905 | 15:06:30 |
|  elikoga changed their profile picture. | 17:28:13 |
|  odoom joined the room. | 21:33:14 |
| 24 Aug 2025 |
|  Honnip joined the room. | 13:29:06 |
| 25 Aug 2025 |
 lennart | hej, could someone who is allowed to delete Issues in NixOS/nixpkgs write me directly? I found a vulnerability in a software, made an issue in nixpkgs which partly was about that vuln. upstream asks to please delete the ticket. | 09:31:16 |
| lennart | my fuckupā¦ | 09:31:33 |
| lennart | already wrote hexa, I guess he's sleeping or busy :) https://github.com/orgs/NixOS/people/security_managers | 09:33:22 |
| lennart | lassulus did the dead, thanks | 09:35:17 |
 SigmaSquadron | we should consider that security vulnerability leaked to the public already, as there may be an archive of the deleted issue. | 09:49:01 |
| SigmaSquadron | * | 09:49:15 |
 tgerbet | Upstream should consider the issue public. Information is likely still accessible in GitHub events
Full disclosure is better than half disclosed (and apparently the tendency these days is to publish emboarged issues on public ML š« ) | 10:27:45 |
| lennart | It's not related to nixpkgs, only upstream. | 10:28:01 |
| lennart | I see your point, but it'd let upstream cover and decide on that. | 10:28:27 |
| lennart | Nonetheless, they'll apply for an CVE number :b | 10:28:38 |
 raitobezarius | If upstream doesn't do full disclosure, this is a very bad look on them for what seems to be a minor issue. | 10:28:56 |
| lennart | What do you mean by half and full disclosure? Lets move to the discussion channel? | 10:29:44 |
| 27 Aug 2025 |
|  martijn joined the room. | 13:58:51 |
| 28 Aug 2025 |
 hexa | https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g udisks Jan Tojnar | 20:55:32 |
| hexa | https://www.openwall.com/lists/oss-security/2025/08/28/1
https://www.openwall.com/lists/oss-security/2025/08/28/2 | 20:55:56 |
| hexa | * https://www.openwall.com/lists/oss-security/2025/08/28/1 | 20:56:07 |
| 29 Aug 2025 |
|  @bluebirdlamentations:matrix.org left the room. | 16:13:53 |
|  @magic_rb:matrix.redalder.org changed their profile picture. | 19:27:40 |
| 30 Aug 2025 |
| tgerbet | SigmaSquadron: https://xenbits.xen.org/xsa/advisory-471.html
Is this taken into account by the Xen team? | 11:13:23 |
| SigmaSquadron | uh I already fixed 471 I think | 11:40:39 |
| SigmaSquadron | yeah that's the big one | 11:41:13 |
| SigmaSquadron | we just updated to the latest branch heads and then updated to 4.20.1 when it released | 11:41:36 |
| SigmaSquadron | ditto for 4.19.x on stable | 11:41:57 |
