10 Sep 2025 |
hexa | https://kb.cert.org/vuls/id/461364 no new release yet, releases look like code drops | 02:17:22 |
hexa | * https://kb.cert.org/vuls/id/461364 no new release yet, releases look like code drops https://gitlab.com/hsleisink/hiawatha/-/commits/master?ref_type=HEADS | 02:17:32 |
hexa | only maintainer was removed in 2019 and the package has been carried forth since by r-ryantm | 02:20:14 |
hexa | Hiawatha is no longer actively supported by the developer, but the developer acknowledges the vulnerabilities and has included mitigations and remediations to all three vulnerabilities in the next release. | 02:20:34 |
dish [Fox/It/She] | there aren't any consumers in nixpkgs, nor in any public config repos from a cursory glance at sourcegraph, so since there's no maintainers we could consider dropping | 02:23:29 |
hexa | https://github.com/NixOS/nixpkgs/pull/441645 | 02:24:21 |
hexa | same thought | 02:24:26 |
dish [Fox/It/She] | 🫡 | 02:30:22 |
dish [Fox/It/She] | considering a drop is technically breaking, add a nixpkgs release note maybe? | 02:30:55 |
hexa | sure, why not. | 02:33:50 |
hexa | pushed | 02:33:51 |
dish [Fox/It/She] | perfect, ty! lgtm | 02:34:48 |
Grimmauld (any/all) | In reply to @pyrox:pyrox.dev: "considering a drop is technically breaking, add a nixpkgs release note maybe?" We have throws in aliases.nix, IMO package removals are discoverable enough to not need release notes. Our rlnotes are already entirely unreadable and way too verbose... | 07:06:21 |
hexa | https://seclists.org/oss-sec/2025/q3/160 https://seclists.org/oss-sec/2025/q3/161 | 09:44:45 |
dish [Fox/It/She] | In reply to @grimmauld:grapevine.grimmauld.de: "We have throws in aliases.nix, IMO package removals are discoverable enough to not need release notes. Our rlnotes are already entirely unreadable and way too verbose..." fair | 12:09:37 |
Sandro | First time seeing a test without a module 😅 | 13:06:47 |
niklaskorz | the freshly dropped minecraft package had one too! (oops this is triage, not discussion) | 13:07:23 |
11 Sep 2025 |
K900 | It's a day that ends in Y | 16:15:35 |
K900 | And you know what that means | 16:15:37 |
K900 | New! Intel! Side! Channel! Vulns! | 16:15:43 |
K900 | https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.16.7 | 16:15:44 |
K900 | Can someone please do the thing | 16:15:48 |
Alyssa Ross | I was wondering why I was seeing even more stable kernels | 16:17:31 |
adamcstephens | AMD is also affected | 16:25:02 |
aloisw | I love how they already vaguely described this years ago when Spectre was published and yet it took until now to actually fix. | 16:34:59 |
dish [Fox/It/She] | do we have a "days since CPU side channel vulns" counter | 16:44:04 |
dish [Fox/It/She] | * do we have a "days since new CPU side channel vuln" counter | 16:44:08 |