| 30 Apr 2026 |
 @enzime:nixos.dev | hexa could you take a look at this PR? it removes DHE from nginx: https://github.com/NixOS/nixpkgs/pull/515057 | 12:54:04 |
 hexa | we're in breaking changes freeze unfortunately | 12:54:31 |
| hexa | Redacted or Malformed Event | 12:54:41 |
| @enzime:nixos.dev | In reply to @hexa:lossy.network
we're in breaking changes freeze unfortunately, so removing the option now is not ok. should we merge the first commit now? | 12:56:37 |
| @enzime:nixos.dev | and then leave the dropping the NixOS option till after the freeze? | 12:56:59 |
| @enzime:nixos.dev | * and then leave dropping the NixOS option till after the freeze? | 12:57:05 |
| hexa | DHE will only be used with dhparams anyway, so I hoped the warning would be sufficient | 12:59:03 |
| @enzime:nixos.dev | just investigated further, it doesn't matter if the first commit is merged now as nginx will just disable DHE if DH params are not configured https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam | 13:22:10 |
|  @hxr404:tchncs.de left the room. | 13:40:15 |
|  Vinetos joined the room. | 13:47:34 |
 Samuel Dionne-Riel | https://github.com/NixOS/nixpkgs/pull/514603 | 16:01:44 |
| 1 May 2026 |
 leona | https://gstreamer.freedesktop.org/ 1.28.2 fixes a few high score vulnerabilities.
We already have an open PR but it’s not ready and we are on an unsupported version
| 06:41:45 |
| @enzime:nixos.dev left the room. | 06:44:02 |
| 4 May 2026 |
|  AnnoyingRains changed their profile picture. | 02:36:04 |
| 2 May 2026 |
|  Tom changed their profile picture. | 18:41:12 |
| 3 May 2026 |
| AnnoyingRains changed their profile picture. | 13:02:39 |
 Mic92 | https://github.com/NixOS/nixpkgs/pull/516109 vaultwarden | 13:33:05 |
| 6 May 2026 |
 arcayr | https://github.com/NixOS/nixpkgs/pull/517132 apacheHttpd 2.4.66 -> 2.4.67 fixing cve-2026-23918 - https://httpd.apache.org/security/vulnerabilities_24.html / https://www.cve.org/CVERecord?id=CVE-2026-23918 | 04:52:22 |
 vcunat | weblate is in need of backport to 25.11, in case anyone's interested.
https://github.com/NixOS/nixpkgs/pull/510728#issuecomment-4386087895 | 08:31:12 |
|  lgian joined the room. | 09:15:35 |
 dish [Fox/It/She] | Not critical but someone seems to be trying to do weird exfil backdoor attacks on nixpkgs via CI, see https://github.com/NixOS/nixpkgs/pull/517354 | 16:24:30 |
| dish [Fox/It/She] | afaik none of this works but i could be wrong so bringing it up here for visibility | 16:24:40 |
| dish [Fox/It/She] | (it also seems to be using a very very expired webhook for exfil so i dont think this works anyways) | 16:25:55 |
 Alyssa Ross | I reported the account to GitHub. An org owner could also block them from the org. | 16:29:05 |
 Winter | ^ handling | 16:30:26 |
 tgerbet | Yeah they abuse a bunch of other repositories
I have spotted one where they got some success, I'm reaching out to them | 16:31:30 |
|  codec joined the room. | 16:33:12 |
| hexa | same | 17:42:41 |
| hexa | blocked | 17:43:32 |
|  averyv joined the room. | 19:06:21 |
