| 16 Dec 2023 |
 hexa | any plans for a 23.05 port of the fixes? | 01:41:48 |
 Artturin | In reply to @hexa:lossy.network
any plans for a 23.05 port of the fixes? Cherry picking the commits to jq 1.6 has large conflicts and the code touched doesn't exist at all | 01:47:55 |
| hexa | so unlikely to be vulnerable? | 01:48:13 |
| Artturin | Possibly but 1.6 is 5 years old so | 01:48:55 |
| Artturin | The code could exist in a very different form | 01:49:14 |
 Lily Foster | In reply to @hexa:lossy.network
so unlikely to be vulnerable? The GHSA's both say first affected is 1.7 | 01:49:23 |
| hexa | awesome! | 01:50:09 |
 ris_ | hah jq author does first new release in years, 2 CVEs - that'll teach him! | 14:05:52 |
|  syd installs gentoo (they/them) joined the room. | 14:20:11 |
| syd installs gentoo (they/them) | FYI https://discourse.nixos.org/t/nixos-discourse-misconfigured-to-embed-external-img-src/36956 | 14:20:39 |
| hexa | forwarded to the admin team | 14:37:32 |
| syd installs gentoo (they/them) | In reply to @hexa:lossy.network
forwarded to the admin team thanks, have a nice weekend! | 14:49:09 |
| ris_ | https://github.com/NixOS/nixpkgs/pull/271645 | 18:08:02 |
| 17 Dec 2023 |
|  tlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion (away) to Insurgo aka tlaurion (Timezone: UTC-5). | 04:05:03 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion (Timezone: UTC-5) to Insurgo aka tlaurion (TZ: UTC-5). | 04:05:11 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their profile picture. | 04:05:33 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their profile picture. | 04:06:02 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 04:39:22 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their profile picture. | 04:44:12 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their profile picture. | 04:46:28 |
| hexa | https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ | 22:13:51 |
| hexa | release planned for tomorrow | 22:14:13 |
| 18 Dec 2023 |
 Sandro | That's an out of tree module, so patch-galore.... | 13:01:55 |
|  @vengmark2:matrix.org joined the room. | 20:19:35 |
| @vengmark2:matrix.org | Hi, I hope this is the appropriate channel to mention the Terrapin Attack. It seems the relevant paragraphs are these:
If you feel uncomfortable waiting for your SSH implementation to provide a patch, you can workaround this vulnerability by temporarily disabling the affected chacha20-poly1305@openssh.com and -etm@openssh.com MAC algorithms in the configuration of your SSH server (or client), and use unaffected algorithms like AES-GCM instead.
Fair word of warning: If configured improperly or your client does not support these algorithms, you may loose access to your server.
Maybe we could remove references to those algos?
| 20:28:17 |
 K900 | #NixOS Security Discussion | 20:29:41 |
| @vengmark2:matrix.org left the room. | 20:31:20 |
| 19 Dec 2023 |
|  Julia DeMille joined the room. | 02:04:02 |
| 20 Dec 2023 |
|  bb_wtt.jpeg joined the room. | 11:58:48 |
|  @julian:nekover.se changed their display name from June to June 📞 5863. | 23:32:03 |
bb_wtt.jpeg