| 21 Nov 2023 |
Pol | In reply to @jtojnar:matrix.org I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues Just don't, people need to be aware of the consequences of using old packages. | 09:41:32 |
Pol | In reply to @jtojnar:matrix.org I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues We could display a warning in nix-phps when using an unsupported version. That could be something easy to implement I guess. | 09:42:45 |
rikudou@lemmings.world | In reply to @jtojnar:matrix.org I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues I mean, sometimes you need an old version of whatever software you use. Recently I needed .NET core 3.1, not because I like it, but because a legacy project was stuck there and needed some quick fix. That was actually what prompted the creation of my tool. | 09:43:07 |
rikudou@lemmings.world | In reply to @drupol:matrix.org You did it well, thank you for that :) now add support for Flake :D Will do! | 09:43:15 |
Jan Tojnar | yeah, I agree that it is useful but also people do not read warnings and I am too worried about the effect widely available footguns have | 09:45:21 |
rikudou@lemmings.world | In reply to @rikudou:lemmings.world I mean, sometimes you need an old version of whatever software you use. Recently I needed .NET core 3.1, not because I like it, but because a legacy project was stuck there and needed some quick fix. That was actually what prompted the creation of my tool. And I had two options - using a docker image, which means I lose all the nice things, like step debugging, or use a nix shell | 09:45:58 |
Jan Tojnar | in the end it is more of a social problem than a technical one though | 09:46:03 |
rikudou@lemmings.world | In reply to @jtojnar:matrix.org yeah, I agree that it is useful but also people do not read warnings and I am too worried about the effect widely available footguns have If you can think of some nice warning I should add there, I'm happy to do it | 09:46:23 |
Pol | In reply to @rikudou:lemmings.world If you can think of some nice warning I should add there, I'm happy to do it Must be done in https://github.com/fossar/nix-phps | 09:56:41 |
rikudou@lemmings.world | In reply to @drupol:matrix.org Must be done in https://github.com/fossar/nix-phps I meant for the https://history.nix-packages.com project in general | 09:57:34 |
rikudou@lemmings.world | I've added one warning for using nix-env | 09:57:58 |
Pol | Just don't show the nix-env command | 09:58:33 |
Pol | And replace it with nix profile | 09:58:41 |
Jan Tojnar | In reply to @drupol:matrix.org Must be done in https://github.com/fossar/nix-phps yeah, I still have not come up with a good warning for nix-phps | 10:10:10 |
Jan Tojnar | this stuff is hard, we have the same issue with meta.knownVulnerabilities in Nixpkgs | 10:11:08 |
Jan Tojnar | maybe something like displaying big red This software contains XYZ security vulnerabilities in its dependency tree. and then explain the alternatives | 10:12:09 |
Jan Tojnar | but getting the CVE data is still a difficult problem | 10:12:24 |
Pol | The idea is not to show the CVE... just say that it is no longer supported. Maybe with a link pointing to a list of CVEs? | 10:13:51 |
Jan Tojnar | My theory is that most people do not comprehend abstract, which is why you need "There are at least 135 ways for hackers to steal your identity and eat your pet hamster if you use this unsupported version of software." | 10:27:54 |
Jan Tojnar | Though the question of degree of our responsibility is one without a clear answer, so the necessary amount of sufficient precautions is difficult to quantify. | 10:30:25 |
| 22 Nov 2023 |
Jan Tojnar | Just to exaggerate for point, if you give away small nuclear bombs with a meal, it does not matter if you add a warning “You and everyone you love will DIE horribly, if you use this toy in a populated area.” at the end of a day, someone will try to project-orion around their suburb on their skateboard. | 06:38:38 |
| Heisfer joined the room. | 10:01:30 |
| 23 Nov 2023 |
w | In reply to @drupol:matrix.org Are you using the new PHP/Composer builder in nixpkgs? How can I check it? | 01:29:52 |
| 24 Nov 2023 |
Pol | In reply to @wjjunyor:matrix.org How can I check it? Are you using the function pkgs.php.buildComposerProject ? | 09:37:22 |
Pol | Gaël Reyrol: Got news on FrankenPHP ? | 09:37:40 |
| 25 Nov 2023 |
Gaël Reyrol | I didn't have enough time this week to go further. But one thing is actually wrong, it is the way I fetch go modules, it is not reproducible and makes the hash change between compilations. I have to fix this. Still the PR is published on nixpkgs but in draft mode. | 07:50:54 |
Gaël Reyrol | https://github.com/NixOS/nixpkgs/pull/268665 | 07:51:26 |