| 24 Jul 2021 |
 Michael Lieberman | I'll be able to take a look later in the weekend, but yeah SPDX is a spec for bill of materials as well as also a standard that fits the spec. Put simply it asks for stuff like name of package, version, license, and then there's a whole load of optional stuff that can be included like URL, checksum of the package, etc. I recognize that a lot of this stuff comes for free in Nix derivations, narinfo, etc., but it's useful to come in and validate from the outside. Especially some stuff like Nix built containers. The SBOM can be used to validate the container contents after the fact. It's something that can also be distributed alongside the container which won't include the derivation info inside the container and the SPDX standard is becoming more adopted.
Thanks for the link though. I'll take a closer look in a couple of days. | 02:50:53 |
| 25 Jul 2021 |
 nixinator | In reply to @mlieberman85:matrix.org
I'll be able to take a look later in the weekend, but yeah SPDX is a spec for bill of materials as well as also a standard that fits the spec. Put simply it asks for stuff like name of package, version, license, and then there's a whole load of optional stuff that can be included like URL, checksum of the package, etc. I recognize that a lot of this stuff comes for free in Nix derivations, narinfo, etc., but it's useful to come in and validate from the outside. Especially some stuff like Nix built containers. The SBOM can be used to validate the container contents after the fact. It's something that can also be distributed alongside the container which won't include the derivation info inside the container and the SPDX standard is becoming more adopted.
Thanks for the link though. I'll take a closer look in a couple of days. super, it maybe be possible to calculate this SBOM after the thing is built, but only if the software is 100% reproducable. Then it's just a matter of hashing the outputs, and create a database of what hashes match what derivations. Aynway, what ever you want to do, nix probably is the closing thing that can do it the world right now. PM me if your interested in things around this. | 16:24:03 |
 ris_ | ugh varnish https://nvd.nist.gov/vuln/detail/CVE-2021-36740 | 18:18:29 |
| ris_ | fixes for 6.0 branch and 6.5 branch | 18:18:51 |
| ris_ | we have 6.0 branch, 6.2 and 6.3 branches | 18:19:04 |
| ris_ | slightly encouraging is how similar the patches are for 6.0 and 6.5 | 18:19:41 |
| ris_ | so patches for 6.2 and 6.3 should be some interpolation of the two | 18:20:28 |
 Sandro | If we don't have the 6.5 branch the maintainer is really active | 18:48:23 |
 @grahamc:nixos.org |
Given Windows 11 has it as a requirement, any operating system which doesn't support it at all can't boot. Not without reconfiguring your BIOS at every reboot, at any rate, which I don't think many people are going to do. Personally I've been running an indev version of 11, and...
anyone have sources to back this up? sounds like unsubstantiated FUD to me
| 19:00:37 |
 hexa | https://www.microsoft.com/en-us/windows/windows-11-specifications | 19:51:20 |
| hexa |
UEFI, Secure Boot capable
| 19:51:28 |
| hexa | *
UEFI, Secure Boot capable
| 19:51:32 |
| hexa | vs https://support.microsoft.com/en-us/windows/windows-10-system-requirements-6d4e9a79-66bf-7950-467c-795cf0386715 | 19:51:43 |
| hexa | * hs ttps://www.microsoft.com/en-us/windows/windows-10-specifications | 19:52:03 |
| hexa | * vs https://www.microsoft.com/en-us/windows/windows-10-specifications | 19:52:11 |
| hexa | so in win10 it was a feature-specific requirement, in win11 it looks to be a requirement | 19:52:51 |
| @grahamc:nixos.org | So, just needs to be capable. Fud then | 20:44:39 |
| nixinator | In reply to @grahamc:nixos.org
So, just needs to be capable. Fud then gotta love the fud........'loveeeee the fuuuuuuuud'. | 22:12:20 |
| 26 Jul 2021 |
|  Dan joined the room. | 02:56:44 |
| hexa | https://www.oracle.com/security-alerts/cpujul2021.html | 17:49:50 |
| hexa | (update mysql >8.0.25) | 17:50:04 |
| hexa | and aspell https://nvd.nist.gov/vuln/detail/CVE-2019-25051 | 17:53:42 |
| 28 Jul 2021 |
 julianst | In reply to @grahamc:nixos.org
Given Windows 11 has it as a requirement, any operating system which doesn't support it at all can't boot. Not without reconfiguring your BIOS at every reboot, at any rate, which I don't think many people are going to do. Personally I've been running an indev version of 11, and...
anyone have sources to back this up? sounds like unsubstantiated FUD to me
I'm not sure where the misinformation comes from. If Windows 11 mandates a TPM 2.0 that has no impact on anyone. It doesn't mean that Secure Boot cannot be disabled anymore | 12:37:34 |
 philipp | In reply to @js:ukvly.org
I'm not sure where the misinformation comes from. If Windows 11 mandates a TPM 2.0 that has no impact on anyone. It doesn't mean that Secure Boot cannot be disabled anymore There has been fud about this for every windows release since at least windows 7, I wouldn't worry about it for now. There is also antitrust regulations in place for things like this. | 12:43:55 |
|  stick changed their display name from prusnak to stick. | 15:09:42 |
 toonn | Requiring certain hardware for your OS doesn't sound at all like antitrust to me? | 19:34:34 |
| toonn | It's like not supporting your OS on ARM. | 19:34:54 |
 Roos | I'd argue things change when you're OS is very much used and you artificially limit compatibility. | 19:35:45 |
| toonn | I mean, Apple's clear prior art. | 19:37:16 |
| Roos | An argument could be made about compelling people to replace perfectly working hardware with new one. | 19:37:18 |
