| 16 Apr 2026 |
emily | what's going in circles is you restarting this argument unprompted every single time... | 16:37:39 |
Sandro | * It is the obvious solution in the room and what I, as a maintainer, want as an option and I am not being heard. | 16:43:33 |
Sandro | Especially when vulnerabilities are only relevant for a specific use case which might not even be a common one. Then I want to inform users of the software about it and if they for themselves have decided that the vulnerability does not apply to them and they have changed their configs to ignore it and accept the vulnerability then they should not feel a consequence. | 16:45:03 |
emily | you're being heard, but the response to being heard has been people giving counterarguments and an end result of consensus against that position every time | 16:45:37 |
leona | please not in this room.. | 16:45:56 |
Sandro | Having to compile software on weak hardware (e.g. a Raspberry Pi) is a consequence and sucks. Especially if you do not have a builder on that arch and compilation is expensive.
Me literally yesterday. | 16:46:03 |
emily | apologies | 16:46:04 |
emily | thought this was #security-discuss:nixos.org | 16:46:13 |
| 17 Apr 2026 |
whispers [& it/fae] | re ^: https://github.com/NixOS/nixpkgs/pull/510184 still needs a manual backport to 25.11 and i don't have the time to do that for a while, if someone else wants to pick that up :3 | 14:31:28 |
vcunat | https://github.com/NixOS/nixpkgs/pull/510931 | 14:52:29 |
flx | https://github.com/NixOS/nixpkgs/pull/510558 | 16:11:39 |
| 22 Apr 2026 |
vcunat | * CVE-2026-4367: libXpm Out-of-bounds read
https://lists.x.org/archives/xorg-announce/2026-April/003690.html
EDIT: it's not small, Rebuild: linux 20383, darwin 8538 | 07:11:46 |
flx | https://github.com/NixOS/nixpkgs/pull/512277 | 08:50:52 |
| 23 Apr 2026 |
Scrumplex | NixOS is probably less affected than others, but there is a high severity fix for packagekit here:
https://github.com/NixOS/nixpkgs/pull/512652
See https://www.openwall.com/lists/oss-security/2026/04/22/6 | 06:42:42 |
Hythera | All PRs approved by at least one of their respective maintainers; would be nice if someone could take a look at them :)
https://github.com/NixOS/nixpkgs/pull/511009
https://github.com/NixOS/nixpkgs/pull/511515
https://github.com/NixOS/nixpkgs/pull/512781 | 21:06:30 |
| 27 Apr 2026 |
Samuel Dionne-Riel | "old" PR for gdk-pixbuf bump includes a security fix (not clearly outlined in their changelog): https://github.com/NixOS/nixpkgs/pull/507383 | 14:02:16 |
vcunat | About urgency... is it bad for 32-bit systems only? | 14:10:54 |
vcunat | (thinking of that because of staging-next-25.11 in progress) | 14:11:13 |
Samuel Dionne-Riel | I don't know if I have the knowledge to state for sure, but “64-bit exploitation primitives verified”, just demonstrated on 32-bit? | 14:12:22 |