| 23 Nov 2024 |
Tomodachi94 (they/them) | https://github.com/NixOS/nixpkgs/pull/358314 | 04:42:47 |
Tomodachi94 (they/them) | I wonder how feasible it would be to make a script that automates most of the process involved with dropping an insecure package | 04:45:01 |
emily | ideally we'd have fewer of them 🫠 | 04:45:27 |
emily | can you take the [backport] out of the commit message (that's a PR title thing + this isn't actually a backport which might confuse someone looking for the non-backported PR) | 04:46:12 |
Tomodachi94 (they/them) | Drop the release- prefix too? | 04:46:44 |
emily | the commit message should be unadorned; PR title is whatever | 04:47:44 |
Tomodachi94 (they/them) | In reply to @emilazy:matrix.org: "the commit message should be unadorned; PR title is whatever" Completed | 04:48:18 |
emily | love a package that's unmaintained, broken, and insecure | 04:48:45 |
Tomodachi94 (they/them) | Now time to check through GitHub Search if anyone is using this package in their dotfiles | 04:48:51 |
Tomodachi94 (they/them) | In reply to @emilazy:matrix.org: "love a package that's unmaintained, broken, and insecure" And was hardcoded to JDK 8 through an override in all-packages | 04:49:21 |
Tomodachi94 (they/them) | It's all of your favorite things!! /s | 04:49:39 |
Tomodachi94 (they/them) | * And was hardcoded to use JDK 8 through an override in all-packages | 04:49:59 |
emily | ideally it'd use an old FFmpeg too | 04:50:33 |
Tomodachi94 (they/them) | And maybe vendor Ant | 04:50:45 |
emily | and be broken on Darwin because of bad Linux assumptions | 04:50:47 |
Tomodachi94 (they/them) | In reply to @tomodachi94:matrix.org: "And maybe vendor Ant" I'm wondering how many packages think they use our Ant package but actually use an Ant JAR that was shoved into VCS | 04:51:34 |
Tomodachi94 (they/them) | nix-index time! :3 | 04:51:45 |
Tomodachi94 (they/them) | Quite a few include Ant in their $out, which is... probably not good if it's just for the build system | 04:54:53 |
Tomodachi94 (they/them) | (`nix run 'github:nix-community/nix-index-database' -- --regex '(lib|share)/.*ant(-.*|)jar$' | wc -l` says 407 paths) | 04:57:49 |
Tomodachi94 (they/them) | (`nix run 'github:nix-community/nix-index-database' -- --regex '(lib|share)/.*ant(-.*|)jar$' | wc -l` says 407 paths) | 04:57:56 |
Tomodachi94 (they/them) | (`nix run 'github:nix-community/nix-index-database' -- --regex '(lib|share)/.*ant(-.*|)\.jar$' | wc -l` says 444 paths) | 04:58:38 |
Tomodachi94 (they/them) | In reply to @tomodachi94:matrix.org: "I wonder how feasible it would be to make a script that automates most of the process involved with dropping an insecure package" (I drop a lot of packages, so I might make something more general at some point. We'll see 🙂) | 05:01:26 |
Tomodachi94 (they/them) | * (I drop a lot of packages, so I might make something more generally for dropping packages at some point. We'll see 🙂) | 05:01:36 |
emily | you might want to look at the Gentoo last rites stuff | 05:02:27 |
emily | I think they have automation | 05:02:29 |
emily | I feel I've corrupted you into the package-dropping life, though. | 05:02:48 |
Tomodachi94 (they/them) | In reply to @emilazy:matrix.org: "I feel I've corrupted you into the package-dropping life, though." Nope, I have a history of dropping things that goes before I joined this channel: https://github.com/search?q=repo%3ANixOS%2Fnixpkgs+author%3Atomodachi94+drop&type=commits&s=committer-date&o=asc | 05:04:48 |
Tomodachi94 (they/them) | I... did this to myself | 05:06:31 |
Tomodachi94 (they/them) | Being a founding member of the Java team certainly didn't help | 05:06:50 |
emily | :'( | 05:06:52 |