| 26 Jun 2024 |
|  @oliviacrain:matrix.org left the room. | 17:02:33 |
|  maralorn joined the room. | 20:59:22 |
| maralorn | I would like to merge this security fix for pandoc into master asap. However it has a 501-1000 tag, is that acceptable in this case? https://github.com/NixOS/nixpkgs/pull/322669 | 21:00:56 |
 hexa | go for it | 21:01:38 |
 tgerbet | I will have access to my aarch64 builder in ~1h to confirm but my nixpkgs-review for half the builds looked fine | 21:05:08 |
| tgerbet | There are a lot of things but mainly small ones | 21:06:48 |
| maralorn | I am super certain that that patch will not affect downstream packages.^^ | 21:10:05 |
| maralorn | * I am quite certain that that patch will not affect downstream packages.^^ It only modifies a template. | 21:10:51 |
| 27 Jun 2024 |
| maralorn | How important is it to back port fixes to 23.11? | 00:39:13 |
 vcunat | I'm not sure, but the promise of maintenance ends in a couple days. | 05:29:49 |
 Markus Theil | https://www.openssl.org/news/secadv/20240627.txt | 11:07:28 |
| Markus Theil | Even with low severity, I'll open PRs this evening if time permits. | 11:07:52 |
| Markus Theil | * Even with low severity, I'll open PRs this evening if time permits. I have no real overview, if this is a issue somewhere, but buffer overread/possible information leak should be enough to take some action. | 11:09:08 |
| Markus Theil | The low severity issues I did not included as patches but waited for the next minor release were causing high load/DoS but no information disclosure. This is just my personal distinction between patch and wait. I hope at least some of you share this view. | 11:10:44 |
| Markus Theil | * The low severity issues I did not include as patches but waited for the next minor release in the past were causing high load/DoS but no information disclosure. This is just my personal distinction between patch and wait. I hope at least some of you share this view. | 11:11:08 |
| Markus Theil | Also add patches to 23.11 as asked above? | 11:14:58 |
| hexa | please | 11:15:10 |
| hexa | if it is not too big a hassle | 11:15:27 |
| Markus Theil | No real issue, just asking. | 11:15:47 |
|  hxr404 ✨ [she/her] joined the room. | 23:32:08 |
| 28 Jun 2024 |
|  @axiomss:matrix.org left the room. | 04:13:15 |
| 29 Jun 2024 |
|  mib 🥐 changed their profile picture. | 22:24:23 |
| 30 Jun 2024 |
|  tlaurion aka Insurgo [ Timezone: ET ] changed their display name from tlaurion aka Insurgo [UTC-4] to tlaurion aka Insurgo [UTC-4] (Canadian Dominion holiday, back July 2nd). | 17:28:30 |
| 1 Jul 2024 |
 ari ❄ | https://www.openssh.com/releasenotes.html | 08:35:55 |
 K900 | Oh no | 08:37:08 |
 emily | do openssh bumps go to master or staging? | 08:40:51 |
 Alyssa Ross | master | 08:41:12 |
| Alyssa Ross | e.g. https://github.com/NixOS/nixpkgs/pull/295133 | 08:41:22 |
| K900 | I can do a PR in like 30 | 08:41:50 |
| emily | I'm building already & can do the PR but I don't know if there's specific procedure around assigning an advisory or whatever | 08:41:50 |
