Nix + dotnet - Public Room Timeline

	Nix + dotnet	127 Members
		24 Servers

Load older messages

Sender	Message	Time
17 Dec 2024
GGG	there's a commit updating to .NET 9 rc2 but idk how stable that is	22:50:45
Whovian9369	Pre-Release was ~1yr ago	22:51:02
GGG	both releases are from 2022, which is 2 years ago	22:51:31
Whovian9369	I misread the year, apologies.	22:51:42
Corngood	I actually think dotnet 6 is so widely use that I'm not worried about it being EOL. There are tons of things that are less likely to get security fixes that aren't marked insecure in nixpkgs.	22:51:47
GGG	you could risk building from the latest commit from the main branch	22:51:52
Corngood	* I actually think dotnet 6 is so widely used that I'm not worried about it being EOL. There are tons of things that are less likely to get security fixes that aren't marked insecure in nixpkgs.	22:52:09
Whovian9369	Honestly I'd say that the dev is just busy, but I don't quite know what else to say or do about it as I figure the response I'd get would be "PR it then." but... 🤷	22:52:24
GGG	it is widely used but won't be getting any security updates even if something does happen though	22:52:26
GGG	* it is widely used but won't be getting any security updates even if something does happen though, nor will anyone report it as a security issue because it's been abandoned	22:52:43
GGG	well, they have a commit updating it to .NET 9, you could try building from that: https://github.com/aaru-dps/Aaru/commit/3d8ba7df385a43fccfee5b16cb90532197b8931d	22:53:22
Corngood	I would be very surprised if Microsoft didn't patch a serious vulnerability if it was found in the next couple years. And I think at the very least we'd be likely to hear about it.	22:53:29
Whovian9369	I do that in the same flake and normally use it in my day to day NixOS-WSL environment (though as of yesterday seems broken on my machine, need to check on that), but again 🤷	22:53:34
Whovian9369	`{ packages = { x86_64-linux = { default = self.packages.x86_64-linux.prerelease; git = nixpkgs.legacyPackages.x86_64-linux.callPackage ./git.nix {}; lts = pkgs.callPackage ./lts.nix {}; prerelease = pkgs.callPackage ./prerelease.nix {}; }; }; };`	22:54:04
GGG	they won't, they'll just tell people to upgrade, if you bought into the whole new .NET scheme you also bought into the release cadency. if you want stability then just stick with .NET Framework	22:54:06
GGG	they did this exactly so they didn't have to maintain a billion versions of .NET	22:54:18
Corngood	Yeah, I know they aren't planning on fixing anything, but I still think they'd do it if it was bad enough. I don't object to it being marked insecure though, because I can make that call myself.	22:56:28
GGG	if you do know of something in nixpkgs that is insecure though, I'd argue for making a PR marking it insecure	22:59:01
GGG	and then see people's arguments if they argue against it	22:59:10
Corngood	Of course, but when does EOL == insecure? Like is llvm 12 going to get fixes?	22:59:41
GGG	though I guess you're talking about things that haven't been officially dropped but are kind of dropped	22:59:48
GGG	that's the standard afaik, it has been done with openssl iirc	23:00:16
GGG	I'll check if this is the right mechanism though	23:01:11
Corngood	Yeah, and I actually have openssl 1.1 in my permitted list too :\| I just carefully use it for compatibility with certain things.	23:01:52
GGG	Xen seems to do the same as well	23:02:11
Whovian9369	I have openssl 1.1 in my premitted list because of Sublime Text 4. (Curse you, Sublime!)	23:02:24
6pak	me too for ancient unity	23:02:53
6pak	is there really no openssl1->3 shim?	23:03:01
Corngood	me too for ancient unity me too for modern unity 😭 actually I'm not 100% sure I still need it on unity 6	23:03:56
Whovian9369	By the way, thank you all again for the time and thoughts with my issues on `aaru`. I'll leave them as `config.permittedInsecurePackages` entries and call it a day, if not making them `throw` and complain later.	23:04:11

Show newer messages

Back to Room ListRoom Version: 9