| 23 Sep 2024 |
 K900 | Please don't | 16:36:43 |
 @purpleseaotter:nope.chat | In reply to @k900:0upti.me
Please don't Any reason? I wont but im a little confused | 16:37:14 |
| K900 | Rewriting room history generally makes things more confusing | 16:37:40 |
| K900 | And people who follow the room have already been pinged and deleting your message won't unping them | 16:37:55 |
| @purpleseaotter:nope.chat left the room. | 17:13:29 |
 Fabián Heredia | https://x.com/evilsocket/status/1838169889330135132
Claims 9.9 RCE unauthenticated over network affecting all GNU/Linux Systems | 18:02:39 |
| Fabián Heredia | Says openwall disclosure coming on Sept 30 | 18:06:13 |
| Fabián Heredia | https://x.com/evilsocket/status/1838241608979960285 | 18:06:17 |
 hexa | https://xcancel.com/evilsocket/status/1838169889330135132 | 18:08:36 |
| hexa | full thread for those w/o twatteer | 18:08:41 |
| hexa | * full thread for those w/o twatter | 18:08:44 |
 vcunat | Not sure. I read the thread that workarounds will be known on Oct 6, so I'm not sure how specific it will be on Sep 30. | 18:12:51 |
 emily | openwall presumably means the private distros list that we're not on | 18:13:19 |
| emily | this is a time it would be really nice to have a representative there even if we can't do secret Hydra builds | 18:13:41 |
| hexa | #security-discuss:nixos.org | 18:14:03 |
| hexa | ---\ | 18:14:23 |
| hexa | *
| 18:14:26 |
| 24 Sep 2024 |
|  h7x4 joined the room. | 11:07:21 |
| hexa | https://github.com/NixOS/nixpkgs/pull/344149 traefik fyi | 12:30:29 |
|  mei 🌒& changed their profile picture. | 23:19:32 |
| 26 Sep 2024 |
| Fabián Heredia set a profile picture. | 01:15:50 |
 Alyssa Ross | https://github.com/NixOS/nix/compare/2.24.7...2.24.8 | 08:11:54 |
| Alyssa Ross |
builtin:fetchurl: Enable TLS verification
| 08:12:22 |
| Alyssa Ross |
Ensure error messages don't leak private key
| 08:12:30 |
| Alyssa Ross | https://github.com/NixOS/nixpkgs/pull/344601 | 08:26:33 |
|  Arian joined the room. | 12:33:00 |
| Arian | This affects all nix versions. We need to make PRs for all the backports too no? | 12:34:17 |
| Arian | Not just 2.24-specific afaics | 12:34:25 |
| emily | yes. looks like 2.18 is out, someone should open a PR. no other versions yet, waiting for Eelco to cut the tags I assume. (further discussion should probably go in #security-discuss:nixos.org) | 12:35:40 |
 Mic92 | In reply to @qyliss:fairydust.space
builtin:fetchurl: Enable TLS verification
I would argue the "information leak" should not affect many people. <nix/fetchurl.nix> is manly used by bootstrap tarballs. | 18:48:48 |
