| 21 Nov 2023 |
 Jan Tojnar | hmm, I used https://lazamar.co.uk/nix-versions/?channel=nixos-unstable&package=php | 09:38:11 |
 Pol | Jan Tojnar: I already notice that there are missing data from that site | 09:38:43 |
 rikudou@lemmings.world | Pol: I'll be taking a look at the flake you've written, I think I get the gist, though it's gonna take more than 5 minutes. Thank you very much! | 09:38:48 |
| Pol | I don't use it for that particular reason. | 09:38:49 |
| rikudou@lemmings.world | In reply to @jtojnar:matrix.org
hmm, I used https://lazamar.co.uk/nix-versions/?channel=nixos-unstable&package=php Yeah, it's not updated, that's why I made the https://history.nix-packages.com website | 09:39:16 |
| Pol | You did it well, thank you for that :) now add support for Flake :D | 09:39:36 |
| Pol | I hope it will get integrated in search.nixos.org at some point | 09:39:55 |
| Jan Tojnar | thanks, updated | 09:40:10 |
| rikudou@lemmings.world | In reply to @drupol:matrix.org
I would definitely think about upgrading. That's true, 7.4 shouldn't be used in production anymore | 09:40:30 |
| rikudou@lemmings.world | In reply to @drupol:matrix.org
I hope it will get integrated in search.nixos.org at some point Same here, it would be nice. | 09:40:52 |
| Jan Tojnar | I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues | 09:40:57 |
| Pol | In reply to @jtojnar:matrix.org
I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues Just don't, people needs to be aware of the consequences of using old packages. | 09:41:32 |
| Pol | In reply to @jtojnar:matrix.org
I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues We could display a warning in nix-phps when using an unsupported versions. That could be something easy to implement I guess. | 09:42:45 |
| rikudou@lemmings.world | In reply to @jtojnar:matrix.org
I am still wary of exposing it more prominently precisely because it will lead to people using old versions without realizing the issues I mean, sometimes you need an old version of whatever software you use. Recently I needed .NET core 3.1, not because I like it, but because a legacy project was stuck there and needed some quick fix. That was actually what prompted the creation of my tool. | 09:43:07 |
| rikudou@lemmings.world | In reply to @drupol:matrix.org
You did it well, thank you for that :) now add support for Flake :D Will do! | 09:43:15 |
| Jan Tojnar | yeah, I agree that it is useful but also people do not read warnings and I am too worried about the effect widely available footguns have | 09:45:21 |
| rikudou@lemmings.world | In reply to @rikudou:lemmings.world
I mean, sometimes you need an old version of whatever software you use. Recently I needed .NET core 3.1, not because I like it, but because a legacy project was stuck there and needed some quick fix. That was actually what prompted the creation of my tool. And I had two options - using a docker image, which means I lose all the nice things, like step debugging, or use a nix shell | 09:45:58 |
| Jan Tojnar | in the end it is more of a social problem than a technical one though | 09:46:03 |
| rikudou@lemmings.world | In reply to @jtojnar:matrix.org
yeah, I agree that it is useful but also people do not read warnings and I am too worried about the effect widely available footguns have If you can think of some nice warning I should add there, I'm happy to do it | 09:46:23 |
| Pol | In reply to @rikudou:lemmings.world
If you can think of some nice warning I should add there, I'm happy to do it Must be done in https://github.com/fossar/nix-phps | 09:56:41 |
| rikudou@lemmings.world | In reply to @drupol:matrix.org
Must be done in https://github.com/fossar/nix-phps I meant for the https://history.nix-packages.com project in general | 09:57:34 |
| rikudou@lemmings.world | I've added one warning for using nix-env | 09:57:58 |
| Pol | Just don't show the nix-env command | 09:58:33 |
| Pol | And replace it with nix profile | 09:58:41 |
| Jan Tojnar | In reply to @drupol:matrix.org
Must be done in https://github.com/fossar/nix-phps yeah, I still have not come up with a good warning | 10:09:44 |
| Jan Tojnar | In reply to @drupol:matrix.org
Must be done in https://github.com/fossar/nix-phps * yeah, I still have not come up with a good warning for nix-phpgs | 10:10:10 |
| Jan Tojnar | this stuff is hard, we have the same issue with meta.knownVulnerabilities in Nixpkgs | 10:11:08 |
| Jan Tojnar | maybe something like displaying big red This software contains XYZ security vulnerabilities in its dependency tree. and then explain the alternatives | 10:12:09 |
| Jan Tojnar | but getting the CVE data is still difficult problem | 10:12:24 |
| Pol | The idea is not to show the CVE... just say that it is no more supported. Maybe with a link pointing to a list of CVE ? | 10:13:51 |
