| 3 Apr 2023 |
 @andreas.schraegle:helsinki-systems.de | can't nix env do that? 🤔 | 15:22:27 |
 stigo | Would be nice to be able to use nix-instansiate for instance, did some experiments with returning json but wasn't able to find the offsets iirc. | 15:25:13 |
 Janne Heß | Couldn't you call into some rnix library? | 15:25:46 |
| stigo | Having a look at https://github.com/nix-community/rnix-parser | 15:34:48 |
| stigo | Hm, also nix-env -f '.' -qa -A perlPackages --json --meta gives a meta.position key in the output with the start offset. Could be useful. Thanks :-) | 15:42:49 |
| 7 Apr 2023 |
 Artturin | https://github.com/NixOS/nixpkgs/pull/224107 | 15:32:50 |
| 15 Apr 2023 |
 hexa | stigo: is there anything we can do about HTTP:Tiny? | 19:12:00 |
| hexa | like fix the default 😄 | 19:12:05 |
| hexa | because like … what the hell? | 19:12:19 |
| hexa | https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ for context | 19:12:26 |
 Alyssa Ross | didn't we already? | 19:12:27 |
| hexa | did we? | 19:13:01 |
| Janne Heß | Pretty sure | 19:13:45 |
| Alyssa Ross | the linked reddit post says we did | 19:13:49 |
| Alyssa Ross | https://github.com/NixOS/nixpkgs/pull/187480 | 19:14:03 |
| Janne Heß | https://github.com/NixOS/nixpkgs/pull/187480 | 19:14:16 |
| hexa | great! | 19:14:21 |
| Janne Heß | Ah lol | 19:14:22 |
| hexa | stigo just boosted in on mastodon, so I had to ask 😄 | 19:14:31 |
| hexa | and obviously didn't expect the post to link back to us | 19:14:43 |
| stigo | In reply to @hexa:lossy.network
stigo: is there anything we can do about HTTP:Tiny? We're safe, HTTP::Tiny is patched in nixpkgs | 20:24:55 |
| 4 May 2023 |
| stigo | Had some great discussions at a meetup with the toolchain group last week. There seems to be some consensus to change HTTP::Tiny, we're looking at using TUF for repo/author signing on CPAN, and have started a cpan security working group to make more good things happen. Open vulnerabilities are also going to be visible on metacpan.org soon hopefully. | 09:21:39 |
| stigo | * Had some great discussions at a meetup with the toolchain group last week. There seems to be some consensus to change the tls defaults in HTTP::Tiny, we're looking at using TUF for repo/author signing on CPAN, and have started a cpan security working group to make more good things happen. Open vulnerabilities are also going to be visible on metacpan.org soon hopefully. | 09:22:43 |
| stigo | There was also a good amount of Chartreuse involved :) | 09:28:41 |
| stigo | In reply to @janne.hess:helsinki-systems.de
Short of the Perl Steering Council directly asking for a change
stigo you know what to do ;)
Done :) | 09:51:35 |
| Janne Heß | It was supposed to be a joke :D | 09:52:22 |
| stigo | They haven't decided anything yet, ofc, but moving in the right direction i think. | 09:53:12 |
 @qbit:tapenet.org | :D | 12:50:40 |
| @qbit:tapenet.org | awesome | 12:50:42 |
| @qbit:tapenet.org | has anyone seen https://github.com/bscan/PerlNavigator ? | 16:50:14 |
