| 23 Nov 2024 |
 Tomodachi94 (they/them) | In reply to@emilazy:matrix.org
Tomodachi94 (they/them): can you move the release note to 24.11 Done | 04:35:32 |
| Tomodachi94 (they/them) | And I take it we only need to do the knownVulns dance for 24.05? | 04:36:37 |
 emily | indeed | 04:36:51 |
| emily | though considering it's marked broken and doesn't even run… | 04:37:04 |
| emily | would be pretty impressive to find a way to hit yourself with that particular rake | 04:37:17 |
| Tomodachi94 (they/them) | It's not marked broken on 24.05. Whether it runs on that release or we simply forgot to backport the broken = true addition, I don't feel like finding out | 04:40:09 |
| emily | yeah just mark it | 04:40:54 |
| Tomodachi94 (they/them) | https://github.com/NixOS/nixpkgs/pull/358314 | 04:42:47 |
| Tomodachi94 (they/them) | I wonder how feasible it would be to make a script that automates most of the process involved with dropping an insecure package | 04:45:01 |
| emily | ideally we'd have fewer of them 🫠| 04:45:27 |
| emily | can you take the [backport] out of the commit message (that's a PR title thing + this isn't actually a backport which might confuse someone looking for the non-backported PR) | 04:46:12 |
| Tomodachi94 (they/them) | Drop the release- prefix too? | 04:46:44 |
| emily | the commit message should be unadorned; PR title is whatever | 04:47:44 |
| Tomodachi94 (they/them) | In reply to@emilazy:matrix.org
the commit message should be unadorned; PR title is whatever Completed | 04:48:18 |
| emily | love a package that's unmaintained, broken, and insecure | 04:48:45 |
| Tomodachi94 (they/them) | Now time to check through GitHub Search if anyone is using this package in their dotfiles | 04:48:51 |
| Tomodachi94 (they/them) | In reply to@emilazy:matrix.org
love a package that's unmaintained, broken, and insecure And was hardcoded to JDK 8 through an override in all-packages | 04:49:21 |
| Tomodachi94 (they/them) | It's all of your favorite things!! /s | 04:49:39 |
| Tomodachi94 (they/them) | * And was hardcoded to use JDK 8 through an override in all-packages | 04:49:59 |
| emily | ideally it'd use an old FFmpeg too | 04:50:33 |
| Tomodachi94 (they/them) | And maybe vendor Ant | 04:50:45 |
| emily | and be broken on Darwin because of bad Linux assumptions | 04:50:47 |
| Tomodachi94 (they/them) | In reply to@tomodachi94:matrix.org
And maybe vendor Ant I'm wondering how many packages think they use our Ant package but actually use an Ant JAR that was shoved into VCS | 04:51:34 |
| Tomodachi94 (they/them) | nix-index time! :3 | 04:51:45 |
| Tomodachi94 (they/them) | Quite a few include Ant in their $out, which is... probably not good if it's just for the build system | 04:54:53 |
| Tomodachi94 (they/them) | (nix run 'github:nix-community/nix-index-database -- --regex '(lib|share)/.ant(-.|)jar$' | wc -l` says 407 paths) | 04:57:49 |
| Tomodachi94 (they/them) | (nix run 'github:nix-community/nix-index-database -- --regex '(lib|share)/.*ant(-.*|)jar$' | wc -l says 407 paths) | 04:57:56 |
| Tomodachi94 (they/them) | (nix run 'github:nix-community/nix-index-database -- --regex '(lib|share)/.*ant(-.*|)\.jar$' | wc -l says 444 paths) | 04:58:38 |
| Tomodachi94 (they/them) | In reply to@tomodachi94:matrix.org
I wonder how feasible it would be to make a script that automates most of the process involved with dropping an insecure package I drop a lot of packages, so I might make something more general at some point. We'll see 🙂) | 05:01:26 |
| Tomodachi94 (they/them) | * (I drop a lot of packages, so I might make something more generally for dropping packages at some point. We'll see 🙂) | 05:01:36 |
