!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

747 Members
Coordination and triage of security issues in nixpkgs233 Servers

Load older messages

SenderMessageTime
5 Jun 2021
@hexa:lossy.networkhexayou mean r-ryantm?03:02:22
@pennae:matrix.eno.spacepennaeyup03:02:45
@hexa:lossy.networkhexadoesn't really work for every package03:03:22
@hexa:lossy.networkhexa you can try out nixpkgs-update and see if it would've worked on postgresql_13 for example 03:03:35
@hexa:lossy.networkhexahttps://github.com/ryantm/nixpkgs-update03:03:44
@pennae:matrix.eno.spacepennaeyeah, looking through it right now03:04:20
@pennae:matrix.eno.spacepennaemust've misremembered where it pulls update info from03:04:36
@ryantm:matrix.orgryantmYou can also try looking at the logs https://r.ryantm.com/log/04:09:02
@pennae:matrix.eno.spacepennaeoh yikes, noticing onlt now that the update is two weeks old already04:16:52
@flexagoon:matrix.org[M] flexagoon joined the room.04:38:22
@flexagoon:matrix.org[M] flexagoonHello, sorry for the dumb question, but are the apps on NixOS sandboxed?04:39:23
@flexagoon:matrix.org[M] flexagoonNVM, figured it out myself04:47:25
@flexagoon:matrix.org[M] flexagoon left the room.04:47:29
@r_i_s:matrix.orgris_https://github.com/NixOS/nixpkgs/pull/12512311:33:14
@hexa:lossy.networkhexahuh, is 2.9.10 -> 2.9.11/12 such a big jump?12:04:03
@hexa:lossy.networkhexa * ris_: huh, is 2.9.10 -> 2.9.11/12 such a big jump? 12:04:18
@hexa:lossy.networkhexathere are already patches in there, I don't mind the patching, just wondering if they don't do semver?12:04:50
@r_i_s:matrix.orgris_well, it introduced the annoying lxml breakage12:05:01
@hexa:lossy.networkhexaah, yeah. libxml2.12:05:14
@hexa:lossy.networkhexaI remember 🔥12:05:26
@hexa:lossy.networkhexaI wouldn't be surprised if a handful of things land on staging-20.09 before the months end12:06:32
@r_i_s:matrix.orgris_ok i'll retarget it12:09:25
@r_i_s:matrix.orgris_i generally tend to think of semver as "an aspiration"12:11:04
@r_i_s:matrix.orgris_different projects succeed in following it to different degrees12:12:07
@r_i_s:matrix.orgris_and of course there's no hard definition of what's breaking and what's not so it's hard12:12:26
@hexa:lossy.networkhexaonce merged staging-20.09 will start an eval on hydra15:06:29
@hexa:lossy.networkhexaso let's maybe give it one or two days, idk15:06:38
@hexa:lossy.networkhexathe situation isn't ideal15:06:43
@hexa:lossy.networkhexaThe 20.09 release has received roughtly 260 security related backports until today16:57:39
@hexa:lossy.networkhexa * The 20.09 release has received roughtly 260 security related backports until today 💪17:05:19

Show newer messages

Back to Room ListRoom Version: 6