!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

726 Members
Coordination and triage of security issues in nixpkgs222 Servers

Load older messages

SenderMessageTime
16 Apr 2026
@sandro:supersandro.deSandroEspecially when vulnerabilities are only relevant for a specific use case which might not even be a common one. Than I want to inform users of the software about it and if they for themselves have decided that the vulnerability does not apply to them and they have changed their configs to ignore it and accept the vulnerability than they should not feel a consequence. 16:45:03
@emilazy:matrix.orgemilyyou're being heard, but the response to being heard has been people giving counterarguments and an end result of consensus against that position every time16:45:37
@leona:leona.isleonaplease not in this room..16:45:56
@sandro:supersandro.deSandroHaving to compile software on weak hardware (eg. a Rasperry Pi) is a consequence and sucks. Especially if you do not have a builder on that arch and compilation is expensive. Me literally yesterday.16:46:03
@emilazy:matrix.orgemilyapologies16:46:04
@emilazy:matrix.orgemily thought this was #security-discuss:nixos.org 16:46:13
17 Apr 2026
@whispers:catgirl.cloudwhispers [& it/fae]re ^: https://github.com/NixOS/nixpkgs/pull/510184 still needs a manual backport to 25.11 and i don't have the time to do that for a while, if someone else wants to pick that up :314:31:28
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/51093114:52:29
@flx-:matrix.orgflxhttps://github.com/NixOS/nixpkgs/pull/51055816:11:39
@pyrox:pyrox.devdish [Fox/It/She] changed their profile picture.16:58:37
@aaronedev:matrix.orgaaronedev joined the room.18:53:50
22 Apr 2026
@vcunat:matrix.orgvcunatCVE-2026-4367: libXpm Out-of-bounds read https://lists.x.org/archives/xorg-announce/2026-April/003690.html06:21:10
@vcunat:matrix.orgvcunat* CVE-2026-4367: libXpm Out-of-bounds read https://lists.x.org/archives/xorg-announce/2026-April/003690.html EDIT: it's not small, Rebuild: linux 20383, darwin 853807:11:46
@flx-:matrix.orgflxhttps://github.com/NixOS/nixpkgs/pull/51227708:50:52
23 Apr 2026
@scrumplex:duckhub.ioScrumplexNixOS is probably less affected than others, but there is a high severity fix for packagekit here: https://github.com/NixOS/nixpkgs/pull/512652 See https://www.openwall.com/lists/oss-security/2026/04/22/606:42:42
19 May 2021
@grahamc:nixos.org@grahamc:nixos.org set the history visibility to "world_readable".22:57:54
@grahamc:nixos.org@grahamc:nixos.org changed the room name to "" from "".22:57:54
@andreas.schraegle:helsinki-systems.deajs124 joined the room.22:58:46
@andi:kack.itandi- joined the room.23:00:51
@hexa:lossy.networkhexa joined the room.23:01:24
@sushi_dude:matrix.orgSushi Dude joined the room.23:04:45
@0x4a6f:matrix.org[0x4A6F] joined the room.23:04:54
@sumner:sumnerevans.comsumner joined the room.23:11:04
@sugi:matrix.besaid.desugi joined the room.23:24:52
@foxboron:archlinux.orgFoxboron joined the room.23:32:00
@adisbladis:matrix.orgadisbladis joined the room.23:43:35
20 May 2021
@sandro:supersandro.deSandro joined the room.00:06:39
@schatztruhe:stratum0.orgnora joined the room.00:31:53
@mkos:matrix.orgMark joined the room.00:38:14
@andreas.schraegle:helsinki-systems.deajs124 changed their display name from Andreas Schrägle to ajs124.00:40:47

Show newer messages

Back to Room ListRoom Version: 6