| 1 Oct 2023 |
 vcunat | I really hate when importance is not stated and bug report links are private, so what one could do is only analyze the commit. Sure, no need to publish how to exploit it, but if you don't indicate severity... | 05:51:17 |
| vcunat | Maybe just wait, e.g. Firefox only released for the previous bug (VP8, not VP9 yet) | 05:57:31 |
| vcunat | * Maybe just wait, e.g. Firefox only released for the previous bug (VP8, not VP9 yet)
EDIT: now I noticed the topic on #security-discuss:nixos.org but even there these questions aren't answered yet.
| 06:23:22 |
|  ErrorNoInternet joined the room. | 08:32:35 |
|  Mikael Fangel joined the room. | 09:31:50 |
| 2 Oct 2023 |
 ajs124 | https://github.com/NixOS/nixpkgs/pull/258581
haven't tested much, but will do so now. if I don't draft it in the next hour or so, this can probably be merged. | 13:25:15 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 15:49:55 |
| ·☽•Nameless☆•777 · ± changed their profile picture. | 15:56:16 |
| 3 Oct 2023 |
 Domen Kožar | https://twitter.com/bagder/status/1709103920914526525 | 14:14:43 |
 raitobezarius |
pretty much, yes. But this time actually the worst security problem found in curl in a long time.
| 14:15:06 |
| raitobezarius | (hope it's not my code) | 14:15:14 |
 delroth | cc vcunat - we should figure out a staging-next timeline that works well with this (libcurl patch dropping on Oct 11) | 14:59:17 |
| delroth | dunno if we should extend the current staging-next cycle or make a short next cycle | 14:59:42 |
| vcunat | curl is mainly a problem because of rebuilding darwin stdenvs. Not that much otherwise IIRC. | 15:00:09 |
| vcunat | Our farm has constant amount of darwin. (almost all aarch64+rosetta) | 15:01:20 |
| delroth | https://github.com/NixOS/nixpkgs/pull/244468 5001+ Linux too apparently (let's maybe switch this discussion to the other channel) | 15:01:58 |
| vcunat | * curl is mainly a problem because of rebuilding darwin stdenvs. Not that much otherwise IIRC. EDIT: I was wrong, probably, looks big on linux, too. | 15:15:40 |
|  tlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion (AFK) to Insurgo aka tlaurion (TZ: UTC-4). | 23:41:16 |
| 4 Oct 2023 |
 hexa | https://lists.x.org/archives/xorg/2023-October/061506.html | 01:24:04 |
| hexa | no idea who to tag tbh | 01:24:43 |
| raitobezarius | cc K900 ⚡️ Jan Tojnar and NickCao who touched this stuff last time AFAIK | 01:26:23 |
 Artturin | In reply to @hexa:lossy.network
https://lists.x.org/archives/xorg/2023-October/061506.html https://github.com/NixOS/nixpkgs/pull/258841 | 02:18:35 |
 K900 | Wait me | 05:56:46 |
| K900 | When did I touch Xorg stuff | 05:56:56 |
 Fabián Heredia | i'm suggested by github and don't remember commiting/changing that either 😅 | 05:58:56 |
| Fabián Heredia | 
Download image.png | 05:59:31 |
| K900 | Oh | 06:00:13 |
| K900 | https://github.com/NixOS/nixpkgs/commit/c018561f5467bdbcae1364220000d69431771d68 | 06:00:14 |
| K900 | lmao | 06:00:15 |
| Fabián Heredia | oh wait I did https://github.com/NixOS/nixpkgs/pull/238116 | 06:00:28 |
