!tPxtoBdChSsxHuBlNW:nixos.org

NixOS Marketing

257 Members
NixOS website + marketing team: https://nixos.org/community/teams/marketing.html57 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
10 Sep 2024
@raboof:matrix.orgraboofwe should probably post something about the Nix vulnerability, right? something like "There's a vulnerability in Nix 2.24. If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently installed nix using the Determinate Systems installer then you need to double-check. GHSA-h4vv-h3jq-v493 #NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt)06:49:08
@raboof:matrix.orgraboof * we should probably post something about the Nix vulnerability, right? something like "There's a vulnerability in Nix 2.24. If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently installed nix using the Determinate Systems installer then you need to double-check. A fix is expected in version 2.24.6 which is to be released in the morning. GHSA-h4vv-h3jq-v493 #NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt)06:55:18
@raboof:matrix.orgraboof * we should probably post something about the Nix vulnerability, right? something like "There's a vulnerability in Nix 2.24. If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the Determinate Systems installer then you need to double-check. A fix is expected in version 2.24.6 which is to be released in the morning. GHSA-h4vv-h3jq-v493 #NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt)06:59:18
@paperdigits:matrix.orgmicaShouldn't DetSys post about their installer?07:03:04
@raboof:matrix.orgraboofYes, they should, but the problem is not in their installer, it's in the released nix versions07:04:10
@raboof:matrix.orgraboof * Yes, they should (and do), but the problem is not in their installer, it's in the released nix versions07:04:24
@raboof:matrix.orgraboof'luckily' (i.e. thanks to the reporters) that version hasn't hit nixpkgs yet, and I'm not aware of other distribution mechanisms that'd have it, but there might be07:06:00
@paperdigits:matrix.orgmicaThe link to puckipedia above 404s since I guess matrix is bad at parsing URLs 07:07:17
@raboof:matrix.orgraboofoh, it works in my client (element-desktop) 😆07:09:57
@raboof:matrix.orgraboof * we should probably post something about the Nix vulnerability, right? something like "There's a vulnerability in Nix 2.24. If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the Determinate Systems installer then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon. GHSA-h4vv-h3jq-v493 #NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt)07:14:48
@raboof:matrix.orgraboof * we should probably post something about the Nix vulnerability, right? something like "There's a vulnerability in Nix 2.24. If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the nix (not NixOS) installers then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon. GHSA-h4vv-h3jq-v493 #NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt)07:20:39
@paperdigits:matrix.orgmicaAlso on mastodon they've already retooted you ;)07:20:56
@raboof:matrix.orgraboof * we should probably post something about the Nix vulnerability, right? something like "There's a vulnerability in Nix 2.24. If you're using the regular nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the nix (not NixOS) installers, or are using nixVersions.git from nixpkgs, then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon. GHSA-h4vv-h3jq-v493 #NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt)07:28:32
@raboof:matrix.orgraboofthanks for the feedback (here and in DMs), posted now.07:29:53
@matthewcroughan:defenestrate.itmatthewcroughan - nix.zone changed their display name from matthewcroughan - going to nix.camp to matthewcroughan.15:34:17
@raboof:matrix.orgraboofdo we have any place to share visuals to go with posts? maybe https://github.com/NixOS/nixos-artwork/pull/135 would be a suitable place?17:26:49
12 Sep 2024
@fricklerhandwerk:matrix.orgfricklerhandwerkHere's a EU survey about the planned cut of NGI funding for next year, where EU citizens and organisations can respond: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13880-Digital-Europe-programme-interim-evaluation/public-consultation_en It's still open until 2024-09-20. Would be great if we could notify our audience about it, since the NGI grants are a major resource for the Nix ecosystem. This relates to the open letter the NGI0 consortium has published in July: https://nixos.org/blog/announcements/2024/letter/16:01:38
@qyliss:fairydust.space@qyliss:fairydust.spaceAccording to NLnet this is not about NGI funding: https://social.nlnet.nl/@nlnet/statuses/01J7GR5TNX28F9VRXTMZSKQHEH16:13:46
@qyliss:fairydust.space@qyliss:fairydust.space(Still seems like a good idea to fill it in)16:14:08
@fricklerhandwerk:matrix.orgfricklerhandwerk
In reply to @qyliss:fairydust.space
According to NLnet this is not about NGI funding: https://social.nlnet.nl/@nlnet/statuses/01J7GR5TNX28F9VRXTMZSKQHEH
Ah indeed. I was already confused about the unfamiliar wording. Thanks for the clarificaton Alyssa Ross 		16:37:38
@fricklerhandwerk:matrix.orgfricklerhandwerk
In reply to @qyliss:fairydust.space
According to NLnet this is not about NGI funding: https://social.nlnet.nl/@nlnet/statuses/01J7GR5TNX28F9VRXTMZSKQHEH
* Ah indeed. I was already confused about the unfamiliar wording. Thanks for the clarification Alyssa Ross 		16:37:42
14 Sep 2024
@ss:someonex.netSomeoneSerge (back on matrix) changed their display name from SomeoneSerge (nix.camp) to SomeoneSerge (utc+3).11:37:40
16 Sep 2024
@lassulus:lassul.uslassulus raboof thilobillerbeck (avocadoom) : it would be nice of one of you could merge the election announcement: https://github.com/NixOS/nixos-homepage/pull/1546 17:48:31
@avocadoom:avocadoom.deavocadoomdone18:39:10

Show newer messages

Back to Room ListRoom Version: 6