| 30 Oct 2024 |
Tomodachi94 (they/them) | Additionally, it is very insecure, with four CVEs that are only patched in v7 or higher: https://github.com/NixOS/nixpkgs/pull/352236 | 04:38:02 |
Tomodachi94 (they/them) | Only three packages are using it | 04:38:44 |
Tomodachi94 (they/them) | * Only three packages are using it afaict | 04:40:18 |
emily | usually we just list CVE identifiers with no explanation I think | 04:41:58 |
emily | I think we can drop now, before release. | 04:43:13 |
emily | dropping packages came up in #nixos-release-management:nixos.org recently, it's fine until the release, and security trumps freeze anyway | 04:43:32 |
emily | do any of the three users work with a newer gradle? | 04:44:21 |
Tomodachi94 (they/them) | Yes, one does. Upstream fixed it but hasn't released yet; I PRed a patch at https://github.com/NixOS/nixpkgs/pull/352275 | 04:45:12 |
Tomodachi94 (they/them) | armitage looks like upstream might have been abandoned; no commits in two years | 04:46:34 |
Tomodachi94 (they/them) | jd-gui also looks abandoned upstream, no commits since 2019 | 04:47:19 |
emily | ok, let's merge the vulns PR to get it backported, and that fix | 04:47:20 |
emily | then let's work on removal | 04:47:25 |
emily | how complicated do the other two failures look? | 04:50:30 |
emily | jd-gui AUR package uses 7: https://aur.archlinux.org/packages/jd-gui | 04:50:53 |
Tomodachi94 (they/them) | In reply to @emilazy:matrix.org: "how complicated do the other two failures look?" Unsure, I'll start the builds and have them use latest gradle | 04:51:00 |
emily | jackpot: https://aur.archlinux.org/cgit/aur.git/plain/gradle-7-build.patch?h=jd-gui&id=7748f3a58e1e1d85d1558fae35d79350ed0a93bb | 04:51:31 |
emily | hope we weren't using that macOS .app code 😅 | 04:52:15 |
Tomodachi94 (they/them) | Started the build for armitage | 04:53:32 |
Tomodachi94 (they/them) | "Could not find method archiveName() for arguments [armitage.jar]" at line 22 | 04:58:00 |
Tomodachi94 (they/them) | Let's try gradle_7 | 04:58:09 |
Tomodachi94 (they/them) | Friendlier error! This one is about a duplicate handling strategy | 04:59:42 |
Tomodachi94 (they/them) | * Friendlier error! This one is about a "duplicate handling strategy" | 04:59:47 |
emily | it's probably only worth putting a bounded amount of effort into this if it proves complicated | 05:06:05 |
emily | maybe we could just restore the old Ant build 😂 | 05:07:38 |
emily | OTOH, their build really does not look complex | 05:07:56 |
Tomodachi94 (they/them) | True. Can't find any patches for this on Kali nor AUR | 05:15:14 |
Tomodachi94 (they/them) | Would you believe me if I said this software was forked twice because it was abandoned? :) | 05:15:46 |
emily | easily :P | 05:15:54 |
emily | https://docs.gradle.org/current/userguide/upgrading_version_6.html | 05:16:07 |
emily | https://docs.gradle.org/current/userguide/upgrading_version_7.html | 05:16:13 |