| 2 Nov 2024 |
 emily | which needs updating to reflect reality | 01:15:57 |
 Tomodachi94 (they/them) | In reply to@emilazy:matrix.org
it should definitely get knownVulnerabilities on 24.05, since it's unsafe to use So a message like "Oracle JDKs are unsafe to use and are unmaintained in Nixpkgs. OpenJDK provides a comparable implementation." ? | 01:18:19 |
| emily | In reply to @emilazy:matrix.org
would you mind knownVulnerabilitiesing the Oracle JDKs on 24.05 too? no need to go CVE-hunting, can just say e.g. "Not updated for 4 years, many disclosed vulnerabilities" I would just go for something like this ^ with the URL | 01:19:46 |
| emily | fine to say "use openjdk" too if you'd like | 01:19:53 |
| emily | and then on master we can e.g. oraclejdk = throw "Oracle JDKs were removed as they had been unmaintained in Nixpkgs since 2021 and contained many known vulnerabilities; use `openjdk` instead"; | 01:20:37 |
| emily | and we should update the docs too, but that's less pressing | 01:21:10 |
| Tomodachi94 (they/them) | Tweaked wording as you suggested | 01:24:16 |
| emily | LGTM :) | 01:25:48 |
| emily | will merge once nixpkgs-vet passes | 01:26:28 |
| emily | uh wow, javacard-devkit is i686-linux | 01:27:28 |
| Tomodachi94 (they/them) | Wtf | 01:27:42 |
| emily | does it like, actually run? | 01:27:42 |
| Tomodachi94 (they/them) | Only one way to find out 😉 does anyone have an i686 machine running Nix? | 01:28:17 |
| emily | you don't need it, the package will work on x86-64 | 01:28:38 |
| Tomodachi94 (they/them) | Oh oops | 01:28:46 |
| emily | (we don't support hosting a full NixOS on i686-linux) | 01:28:54 |
| Tomodachi94 (they/them) | Is it even technically restricted to i686 if it's a JAR? 😉 | 01:30:32 |
| emily | I suspect it has cursed native binaries. | 01:30:43 |
| emily | it looks like the latest version of the Java Card Development Kit is (a) seemingly cross-platform and (b) tested on OpenJDK, so there's no excuse for carrying this ancient version, but I am somewhat curious if it even works | 01:31:23 |
| Tomodachi94 (they/them) | I'll update it to use OpenJDK, I'm curious if you can get it running at all lmao | 01:33:11 |
| emily | I'll just try it on the community builder. | 01:33:50 |
| emily | I think we should rather just drop it, though. | 01:34:02 |
| Tomodachi94 (they/them) | In reply to@emilazy:matrix.org
I'll just try it on the community builder. Not that simple, it uses requireFile | 01:34:15 |
| Tomodachi94 (they/them) | (or maybe it is, if you can push derivations up to it) | 01:34:35 |
| emily | yeah, I will subject everyone on the community builder to the Oracle EULA. they will have all our firstborns | 01:34:41 |
| Tomodachi94 (they/them) | * (or maybe it is, if you can push built derivations up to it) | 01:34:44 |
| emily | it's full shell access and trusted-users | 01:34:53 |
| emily | so theoretically I am root | 01:34:58 |
| emily | which is why I don't use it as a remote builder, just via SSH | 01:35:13 |
| emily | oh my god I need an Oracle account. I should have made you do this :) | 01:35:59 |
