| 14 Apr 2024 |
 Julien | I'd try to look if there is a software heritage archive that contains it | 12:32:48 |
| 15 Apr 2024 |
 symphorien | unfortunately not | 18:38:09 |
| 17 Apr 2024 |
|  JoelMcCracken joined the room. | 16:28:42 |
|  K900 changed their display name from K900 ⚡️ to K9Ö0. | 17:16:44 |
| K900 changed their display name from K9Ö0 to K900. | 17:21:55 |
| K900 | 17:21:55 |
| 24 Apr 2024 |
|  @stablejoy:matrix.org changed their profile picture. | 08:59:07 |
|  aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) joined the room. | 11:50:17 |
| 25 Apr 2024 |
|  delroth left the room. | 14:45:02 |
|  adamcstephens left the room. | 19:15:23 |
| 26 Apr 2024 |
| @stablejoy:matrix.org changed their profile picture. | 14:03:45 |
|  @federicodschonborn:matrix.org changed their profile picture. | 14:48:00 |
| 27 Apr 2024 |
|  nadir joined the room. | 18:22:47 |
| 28 Apr 2024 |
| @federicodschonborn:matrix.org changed their profile picture. | 22:46:56 |
| @federicodschonborn:matrix.org left the room. | 23:13:48 |
| 29 Apr 2024 |
|  NixOS Moderation Botchanged room power levels. | 15:29:42 |
| 1 May 2024 |
| NixOS Moderation Botchanged room power levels. | 15:07:20 |
| 6 May 2024 |
 ris_ | just making sure you're up to date with discussions going on @ https://github.com/NixOS/nix/issues/969, https://github.com/NixOS/ofborg/issues/68, https://github.com/NixOS/rfcs/pull/171 (towards bottom of each thread) | 16:18:54 |
| ris_ | short version: the fact that a FOD will quite blindly trust a cached outpath introduces a potential cache-poisoning attack for nixpkgs if someone is able to get their malicious outpath included (somehow) in cache.nixos.org | 16:22:17 |
| ris_ | how is this relevant to ofborg? several of us are thinking that we should introduce a CI check to counter this - one that will perform a fresh download of "new" FODs introduced by a PR and check the resulting hash | 16:24:55 |
| ris_ | i've developed a proof-of-concept of such a CI check in bash @ https://gist.github.com/risicle/3a521d040022c3e29faadcca8d8d4a20 | 16:26:05 |
| ris_ | it is of course by no means perfect | 16:28:14 |
| ris_ | for PRs that cause a lot of rebuilds (i.e. cause rebuilds to the packages depended upon by most fetchers) and for PRs to the staging branch it may be a lost cause | 16:30:40 |
| ris_ | so that's what my weekend was like, how's yours been? | 16:47:25 |
| 8 May 2024 |
| ris_ | so clearly, at the very least there's some expensive work that ofborg already does for all PRs that could be reused by such a check | 22:15:12 |
| ris_ | * so clearly, at the very least there's some expensive work that ofborg already does for all PRs that could be reused by such a check (the full evals) | 22:15:35 |
| ris_ | though this needs a slightly more stringent variant of it - from the looks of it, ofborg detects packages changing from their outpaths, whereas this needs to compare drv paths | 22:17:20 |
| 13 May 2024 |
 Ramses 🇵🇸 | I was looking at an ofborg failure on x86_64-linux, but the ofborg logs show that what's being built is aarch64... https://logs.ofborg.org/?key=nixos/nixpkgs.311394&attempt_id=4ebea30a-7949-4366-a795-ad2075eff475 | 22:54:48 |
| Ramses 🇵🇸 | Am I missing something here? | 22:55:08 |
 Artturin | In reply to @rvdp:infosec.exchange
I was looking at an ofborg failure on x86_64-linux, but the ofborg logs show that what's being built is aarch64... https://logs.ofborg.org/?key=nixos/nixpkgs.311394&attempt_id=4ebea30a-7949-4366-a795-ad2075eff475 A cross compiled systemd is in passthru.tests | 23:04:02 |
