| 24 Jan 2025 |
 emily | but it's still not great | 12:08:02 |
| emily | (oops, this is triage room again) | 12:08:02 |
 Niklas Korz | Matomo 5.2.2 has "several high-impact security fixes": https://github.com/NixOS/nixpkgs/pull/376385
PR for release-24.11 following in a moment, automatic backport won't work atm because the package has been refactored in master and I'm still working on manually backporting those changes as well (also non-trivial because we dropped matomo 4 in unstable and renamed) | 13:30:12 |
| Niklas Korz | * Matomo 5.2.2 has "several high-impact security fixes": https://github.com/NixOS/nixpkgs/pull/376385
PR for release-24.11 following in a moment, automatic backport won't work atm because the package has been refactored in master and I'm still working on manually backporting those changes as well (also non-trivial because we dropped matomo 4 in unstable and renamed matomo_5 to matomo) | 13:30:27 |
| Niklas Korz | In reply to @niklaskorz:korz.dev
Matomo 5.2.2 has "several high-impact security fixes": https://github.com/NixOS/nixpkgs/pull/376385
PR for release-24.11 following in a moment, automatic backport won't work atm because the package has been refactored in master and I'm still working on manually backporting those changes as well (also non-trivial because we dropped matomo 4 in unstable and renamed matomo_5 to matomo) Manual backport: https://github.com/NixOS/nixpkgs/pull/376389 | 13:50:44 |
| 25 Jan 2025 |
|  @mlieberman85:matrix.org left the room. | 04:30:20 |
|  aloisw changed their profile picture. | 10:22:09 |
 hexa | https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 | 13:48:24 |
| hexa | dotlambda Sandro š§ | 13:48:30 |
 Sandro š§ | Well do in an hour or two | 14:14:19 |
 dotlambda | I'm on it. The webvault update requires some manual work | 16:42:43 |
| dotlambda | https://github.com/NixOS/nixpkgs/pull/376765 | 18:08:26 |
| 27 Jan 2025 |
|  Brisingr joined the room. | 02:51:21 |
| Niklas Korz | Backport of a high severity fix, accepted by original PR author a week ago: https://github.com/NixOS/nixpkgs/pull/375532#issuecomment-2605160183 | 16:18:24 |
| 28 Jan 2025 |
|  tomf joined the room. | 00:23:57 |
| tomf | FYI, I see the Woodpecker CI plugin for Nix that's advertised on their site has the author's key in extra-trusted-public-keys. I've raised this as https://github.com/woodpecker-ci/woodpecker/issues/4785 | 00:25:06 |
| tomf | If Woodpecker is popular, it might be nice if that project ends up in nix-community. | 00:26:30 |
 adamcstephens | Thatās a third party project and not really something for us to fix.Ā You already reported in their repo so I guess thatās all to be done? Itās a pretty simple plugin if you look through the code, and woodpecker can also run with a local backend allowing access to nix without dockerĀ | 00:30:43 |
| tomf | Yes, I mentioned it as an FYI to the channel, rather than email to security team because I see it's outside of the team's control/responsibility. I'll keep on top of the issues. | 00:31:29 |
| adamcstephens | Having woodpecker remove it from their list seems reasonableĀ | 00:31:48 |
| hexa | we don't ship any 3rd party woodpecker plugins? | 00:32:02 |
| adamcstephens | We ship the required git plugin and apparently one for transforming from other CI definitionsĀ | 00:33:20 |
| adamcstephens | Most plugins are docker containers that are pulled on demandĀ | 00:34:34 |
| 30 Jan 2025 |
| hexa | https://www.openwall.com/lists/oss-security/2025/01/29/1 bind9 globin | 00:22:28 |
| hexa | globin: you last touched this package in 2019, can you please update your maintainership? | 00:23:52 |
| hexa | https://github.com/NixOS/nixpkgs/pull/377848 | 00:35:06 |
| 31 Jan 2025 |
|  cafkafk changed their profile picture. | 05:06:12 |
|  Jonas Chevalier changed their display name from Jonas Chevalier to Jonas Chevalier (FOSDEM). | 19:12:22 |
|  SomeoneSerge (back on matrix) changed their display name from SomeoneSerge to SomeoneSerge (Bruxelles). | 19:32:15 |
|  raboof changed their display name from raboof to raboof@FOSDEM. | 23:55:21 |
