!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

682 Members
Coordination and triage of security issues in nixpkgs
214 Servers


Sender | Message | Time
21 May 2021
@mm-:matrix.org Josh | joined the room. | 20:06:58
@toonn:matrix.org toonn | joined the room. | 20:15:08
@toonn:matrix.org toonn | Ah, this is about general security/crypto, not specifically NixOS security updates? | 21:42:18
@synthetica:matrix.org Synthetica | No, it's about NixOS security updates if I'm correct | 21:43:19
@hexa:lossy.network hexa | Yes, the security of NixOS/nixpkgs | 21:53:49
@toonn:matrix.org toonn | Oh, cool anyway. Was fooled by the blockchain memes. | 21:53:52
@hexa:lossy.network hexa | sorry :) | 21:54:02
@maralorn:maralorn.de maralorn | left the room. | 21:54:41
@kevincox:matrix.org kevincox | It is probably a good idea to decide on a topic and post it. | 23:03:41
@hexa:lossy.network hexa | do you have a proposal? | 23:06:10
@hexa:lossy.network hexa | I don't think linking vulnerability roundup issues is really valuable | 23:06:38
@kevincox:matrix.org kevincox | Well I barely know what this room is about. Discussing security patches? Announcing security patches? | 23:07:04
@kevincox:matrix.org kevincox | Discussions about security posture in general? All of the above? | 23:07:30
@hexa:lossy.network hexa | triage | 23:07:31
@hexa:lossy.network hexa | triage of security issues in nixpkgs | 23:08:02
@hexa:lossy.network hexa | coordination | 23:08:07
@kevincox:matrix.org kevincox | "Discussion around triage and coordination of security issues in nixpkgs."? | 23:08:40
@kevincox:matrix.org kevincox | Or just drop the "Discussion around" bit as it is redundant. | 23:09:28
@hexa:lossy.network hexa | yup, something like that would be good | 23:09:49
@kevincox:matrix.org kevincox | I don't think I have permission and grahamc seems really busy but maybe we can get that set, or get some more mods when things cool down. | 23:11:10
@grahamc:nixos.org @grahamc:nixos.org | changed room power levels. | 23:11:27
@hexa:lossy.network hexa | set the room topic to "Coordination and triage of security issues in nixpkgs". | 23:11:54
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/123941 | 23:21:43
@hexa:lossy.network hexa | The homeserver.signing.key is currently world-readable 😢 | 23:22:08
@hexa:lossy.network hexa | We plan to get this merged and backported tomorrow-ish. | 23:22:45
@hexa:lossy.network hexa | * The homeserver.signing.key and media are currently world-readable 😢 | 23:39:07
@hexa:lossy.network hexa | * The homeserver.signing.key and media directory are currently world-readable 😢 | 23:39:28
@hexa:lossy.network hexa | Looks like upstream packaging suffers from a similar issue: https://github.com/matrix-org/synapse/issues/10008 | 23:52:56
@hexa:lossy.network hexa | https://github.com/matrix-org/synapse/issues/1528 | 23:53:15
@andi:kack.it andi- | In practice it isn't really exploitable as the folder is not world readable but that isn't a reason not to do it properly | 23:54:00

Room Version: 6