!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

747 Members
Coordination and triage of security issues in nixpkgs230 Servers

Load older messages

SenderMessageTime
23 Jun 2021
@pennae:matrix.eno.spacepennaenot sure we're qualified14:29:49
@hexa:lossy.networkhexacan only encourage you to try 😀14:34:18
@pennae:matrix.eno.spacepennaemight try at some point. the last module we tried to modify kind of fizzled in review 😶14:35:38
@hexa:lossy.networkhexathere are even nixos tests that you can use to verify you didn't break anything :)14:35:42
@pennae:matrix.eno.spacepennae grubbing around in system daemons is a bit scary tbh
at least mosquitto isn't that important (and also had tests (that were half broken)) 		14:39:27
@hexa:lossy.networkhexamosquitto was also haphazardly bumped a major version number just before the release14:51:25
@hexa:lossy.networkhexaignoring the resulitng breakage, not nice.14:51:43
@pennae:matrix.eno.spacepennaeand our PR to fix the module being extremely limited has seen basically no review since ... when was it, beginning of may?14:53:53
@pennae:matrix.eno.spacepennae at leas the bump didn't break anything here :/ 14:54:31
@pennae:matrix.eno.spacepennae oh hey, you're on that one as a reviewer hexa 😛 15:26:13
@hexa:lossy.networkhexauh, yeah. I know 😓15:26:51
@hexa:lossy.networkhexaI did the systemd hardening on that module and something else15:27:14
@pennae:matrix.eno.spacepennaeah well.15:30:18
@linus.heckemann:matrix.mayflower.deLinux Hackerman hexa: no plans currently, he said he might remove his maintainership (I'm guessing across the board) 15:34:35
@hexa:lossy.networkhexayeah, I didn't expect him to suddenly turn up again 15:35:08
@r_i_s:matrix.orgris_think i'm there with 2/3 of the dovecot backports, but think I'm going to skip CVE-2020-28200 as it's "only" an excessive resource consumption bug and common opinion is that it's too significant to backport, looking at it i'm inclined to agree18:06:29
@hexa:lossy.networkhexasgtm18:14:35
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.21:18:13
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm left the room.23:52:28
24 Jun 2021
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.00:12:04
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm left the room.03:41:34
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.03:41:36
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm left the room.10:36:46
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.11:17:25
@vertebralsilence:matrix.orgvertebralsilence joined the room.13:23:08
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm left the room.14:53:09
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.16:06:07
@r_i_s:matrix.orgris_https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html17:19:03
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm left the room.17:33:02
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.17:33:05

Show newer messages

Back to Room ListRoom Version: 6