| 8 Jun 2021 |
 hexa | weechat-matrix? | 11:42:44 |
 Alyssa Ross | mhmm | 11:43:00 |
| hexa | yeah, there's not really a way to map viewports in a good way to weechat I guess | 11:43:21 |
| hexa | maybe code blocks should be urls like pastebins | 11:43:47 |
| hexa | Redacted or Malformed Event | 11:43:59 |
| Alyssa Ross | I actually quite like actual code blocks rendering inline, but a commit log seemed a little silly | 11:44:09 |
| hexa | fair | 11:44:40 |
| Alyssa Ross | I'd maybe just mark insecure on master for now, to show that if somebody is using it they are welcome to fix it? | 11:44:44 |
| hexa | In reply to @janne.hess:helsinki-systems.de
we could remove it from master and add knownVulnerabilities to the 20.09 and 21.05 branch, maybe someone who uses it will fix it sgtm | 11:44:50 |
| hexa | also fine | 11:45:00 |
| Alyssa Ross | a removed package sort of communicates "we don't want this back", imo | 11:45:12 |
| Alyssa Ross | but we'd be fine with the package as long as it was up-to-date, aiui | 11:45:27 |
 das_j | well do we want packages back that nobody cares to maintain? | 11:45:32 |
| Alyssa Ross | this is how you get somebody to care | 11:45:52 |
| Alyssa Ross | would you notice if a random package you used didn't have a maintainer? I wouldn't. | 11:46:09 |
| das_j | yeah, probably. I'll add the knownVulns to master and add the backport labels | 11:46:13 |
| hexa | great, thank you | 11:47:30 |
| das_j | btw, should I ping the security team in the future for PRs like this? | 11:50:39 |
| das_j | because I just requested a review of hexa in this PR | 11:50:51 |
| Alyssa Ross | that's my first time merging a PR with the backport labels -- do I need to do anything else or is the backport entirely automatic now? | 11:51:20 |
 Linux Hackerman | The backport PR should be opened and linked automatically after the merge | 11:51:49 |
| Linux Hackerman | it does still need a manual merge | 11:52:02 |
| Alyssa Ross | okay, cool | 11:53:08 |
| Alyssa Ross | hmm, no backport PR yet? | 11:54:16 |
| Alyssa Ross | I'd have expected it to be pretty instant? | 11:54:23 |
| hexa | das_j: I'm not too sure about the security team, is it more than one person, that has too many stakes in everything anyway? | 11:54:35 |
| das_j | it's graham and domen | 11:55:02 |
| hexa | Alyssa Ross: takes rougly 4-5m as the action needs to clone nixpkgs first | 11:55:03 |
| hexa | oh, it's domen? I didn't know | 11:55:14 |
| das_j | or is it the other team? | 11:55:28 |
