| 31 May 2026 |
|  keysmashes joined the room. | 12:02:24 |
|  sorrel -> keysmashes changed their display name from sorrel to sorrel -> keysmashes. | 12:08:33 |
| 1 Jun 2026 |
 dotlambda | https://github.com/NixOS/nixpkgs/pull/526529 | 14:35:36 |
| 2 Jun 2026 |
 kuflierl | https://github.com/NixOS/nixpkgs/pull/527164 | 14:51:37 |
| dotlambda | I'm not sure about https://github.com/NixOS/nixpkgs/pull/524510 | 15:26:16 |
| dotlambda | same for https://github.com/NixOS/nixpkgs/pull/524508 | 15:27:00 |
| dotlambda | and https://github.com/NixOS/nixpkgs/pull/524507 | 15:27:32 |
|  monokles joined the room. | 16:10:45 |
| 3 Jun 2026 |
 Samuel Dionne-Riel | the following PRs may need to be labeled with the security label:
- https://github.com/NixOS/nixpkgs/pull/468076
- https://github.com/NixOS/nixpkgs/pull/514056
- https://github.com/NixOS/nixpkgs/pull/507810
| 21:06:44 |
| 4 Jun 2026 |
 Emil Thorsøe | wow, openvpn has been marginally vulnerable since 2026-04-22 | 03:46:53 |
|  Echo changed their profile picture. | 04:23:41 |
 K900 | libinput RCE-ish: https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.31.3 | 06:54:31 |
| K900 | Will do a PR in a bit | 06:54:37 |
| K900 | https://github.com/NixOS/nixpkgs/pull/527861 | 07:07:08 |
| K900 | (don't merge yet, waiting for 26.05 backport for previous update) | 07:07:34 |
|  arias 🏳️⚧️ joined the room. | 21:50:55 |
| 5 Jun 2026 |
 stigo | https://github.com/NixOS/nixpkgs/pull/528021 <- perl issues | 10:46:52 |
|  @zimbatm:numtide.com left the room. | 11:40:58 |
| 6 Jun 2026 |
 hexa | https://seclists.org/oss-sec/2026/q2/822 freetype | 01:20:35 |
 whispers [& it/fae] | ^ attempt at https://github.com/NixOS/nixpkgs/pull/528652 | 03:54:33 |
| Emil Thorsøe | Can you elaborate on RCE, I see local privilege escalation? | 04:24:23 |
| K900 | I can't read | 07:35:06 |
| 7 Jun 2026 |
 arcayr | i think the apache team figure cve-2026-49975 isn't worth a proper release, so my pr with the debian patches for it is probably going to be it for a while | 02:31:14 |
| arcayr | are we okay to fetchpatch2 from debian directly or would it be preferred to host the patches | 02:31:25 |
| arcayr | i originally hosted them but figured it looks a bit more reliable and legitimate if they're actually from debian, idk | 02:31:57 |
| arcayr | * | 02:32:06 |
| arcayr | * | 02:32:13 |
| hexa | fetchpatch is fine | 02:37:47 |
 vcunat | From Debian you probably fetchurl, as they have it as a *file* in git. | 05:56:37 |
| 9 Jun 2026 |
| hexa | Markus Theil are you doing the openssl updates? and 4.0? | 12:05:38 |
