| 14 Mar 2026 |
| amadaluzia -> 4d2.org changed their display name from amadaluzia[uorg] to amadaluzia -> 4d2.org. | 21:23:01 |
| 16 Mar 2026 |
| azban joined the room. | 01:15:52 |
| azban left the room. | 01:18:58 |
| azban joined the room. | 01:19:05 |
| azban left the room. | 01:19:25 |
| azban joined the room. | 01:37:27 |
hexa | https://seclists.org/oss-sec/2026/q1/317 gstreamer | 03:20:03 |
| 17 Mar 2026 |
Fernando Rodrigues | https://github.com/NixOS/nixpkgs/pull/500711 Xen | 12:14:58 |
hexa | https://seclists.org/oss-sec/2026/q1/331 | 21:09:09 |
hexa | * https://seclists.org/oss-sec/2026/q1/331 expat | 21:09:21 |
| 18 Mar 2026 |
Markus Theil | Botan had a new release these days. I don't really know if any packages use TLS from Botan or just crypto operations like hashing, encryption/decryption. The security-relevant changes touch OCSP handling and parallel signatures with e.g. ML-DSA.
https://botan.randombit.net/news.html#version-3-11-0-2026-03-15
https://github.com/NixOS/nixpkgs/pull/500384 | 08:13:02 |
Markus Theil | OpenSSL also will release new version in the following weeks: https://openssl-library.org/news/secadv/20260313.txt (sry, if this was already posted here.) | 08:15:35 |
Markus Theil | * OpenSSL also will release new versions in the following weeks: https://openssl-library.org/news/secadv/20260313.txt (sry, if this was already posted here.) | 08:15:43 |
| 曜日 joined the room. | 20:32:49 |
| 19 Mar 2026 |
uep | https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b | 09:54:37 |
uep | CVSS 10 | 09:54:59 |
Tom | https://github.com/NixOS/nixpkgs/pull/501181 | 10:05:08 |
hexa | https://github.com/wolfSSL/wolfssl/releases/tag/v5.9.0-stable | 12:55:16 |
| Miles Dyson set a profile picture. | 18:06:11 |
| 20 Mar 2026 |
| Evrim Ulu joined the room. | 02:42:18 |
flx | https://github.com/NixOS/nixpkgs/pull/501042 | 11:37:01 |
niklaskorz | https://github.com/NixOS/nixpkgs/pull/501606 | 11:57:19 |
emily | uh, going by that blog post maybe we should just be slapping knownVulnerabilities on this thing or removing it... | 12:03:08 |
emily | I guess if there's no known compromise in the previous version... | 12:04:25 |
blitz | at least the knownVulnerabilities would be good to warn people that this thing is f***ed | 16:04:34 |
blitz | * | 16:04:39 |
曜日 | @delroth:delroth.net — Greetings, do forgive the intrusion.
There is a line from your security wishlist that has stayed with me — that Hydra attestation was dependent on other projects to actually be useful. One of those projects may now exist.
The first is already built. https://github.com/eouzoe/Apeiron
Apeiron is a deterministic execution fabric — builds run inside Firecracker microVMs,
defined by Nix-hermetic closures. The build environment is sealed.
Every output is a cryptographic consequence of its inputs, and nothing else.
The question of whether the environment itself was clean is a different problem.
That is what comes next.
An observer at the kernel layer — eBPF LSM inside the boundary, watching at syscall level as execution happens. Signing takes place outside the hypervisor. A compromised guest cannot revise what the kernel recorded. The design is complete. What remains is building it.
If any of this is of interest, I would welcome a conversation. | 17:36:44 |
| 曜日 set a profile picture. | 17:37:26 |
vcunat | expat: https://github.com/NixOS/nixpkgs/pull/501685 | 17:41:39 |
raitobezarius | you should DM delroth directly, he's not involved in the NixOS project anymore | 17:43:02 |