| 22 Sep 2022 |
 f0x | error: The option services.mjolnir.pantalaimon.username' is used but not defined.` | 17:03:06 |
| f0x | as it's still put in the generated config | 17:04:10 |
 hexa | jojosch: ^ | 18:14:58 |
 Winter (she/her) | Hoping to land matrix-crypto-sdk-nodejs later, after I debug Darwin failures. | 18:44:40 |
| Winter (she/her) | I can't repro the failure, ugh. | 20:37:29 |
| 23 Sep 2022 |
| hexa | https://twitter.com/matrixdotorg/status/1573308190602760192 | 13:59:46 |
| hexa | https://matrix.org/blog/2022/09/23/pre-disclosure-upcoming-critical-security-release-of-matrix-sd-ks-and-clients | 13:59:51 |
| hexa | crossposted to #security-discuss:nixos.org | 14:01:06 |
| hexa | so I guess they'll be reaching out to ma27 again | 14:02:11 |
| hexa |
We will also be working with downstream packagers and forks over the coming days to ensure a synchronised release to address affected clients.
| 14:02:19 |
 Sandro 🐧 | In reply to @hexa:lossy.network
We will also be working with downstream packagers and forks over the coming days to ensure a synchronised release to address affected clients.
yeah, well, that will definitely not happen. Ours is released when the channel advances which can take a day or two. | 16:30:28 |
| Winter (she/her) | I wonder if there's a way we can fast track security changes like this... | 16:34:23 |
| Winter (she/her) | We could force start an eval? | 16:34:33 |
| Winter (she/her) | assuming there wouldn't be a lot of rebuilds | 16:34:42 |
| Sandro 🐧 | One important thing is to get the channel in a state where it advances and is not blocked by some issue already | 16:37:30 |
| Sandro 🐧 | Also NixOS is already pretty fast compared to other distros which sometimes take weeks or months for such things | 16:38:05 |
| hexa | In reply to @sandro:supersandro.de
yeah, well, that will definitely not happen. Ours is released when the channel advances which can take a day or two. what else is new | 16:44:14 |
| hexa | In reply to @winterqt:nixos.dev
I wonder if there's a way we can fast track security changes like this... I regularly force evals for security issues | 16:44:37 |
| hexa | -small usually releases pretty fast | 16:44:59 |
| Winter (she/her) | so it can hopefully be faster than two days :) | 16:45:02 |
| Winter (she/her) | yeah | 16:45:03 |
| Winter (she/her) | small is very fast usually | 16:45:07 |
| hexa | 🤷 | 16:45:12 |
| Sandro 🐧 | In reply to @hexa:lossy.network
-small usually releases pretty fast I'd imagine people are either using the stable channel or unstable. You regularly need to build the browsers on small. | 16:46:34 |
| Sandro 🐧 | In reply to @hexa:lossy.network
-small usually releases pretty fast * I'd imagine people are either using the stable channel or unstable. You regularly need to build the browsers on unstable-small. | 16:46:39 |
| hexa | regularly is sufficiently vague | 16:47:29 |
| hexa | * "regularly" is sufficiently vague | 16:47:43 |
| Sandro 🐧 | When I was still on unstable-small I was building a browser at least twice a week | 22:21:14 |
| Winter (she/her) | How often did you update it though Sandro 🐧, plus -small is very specifically made for not having large rebuilds like browsers | 23:27:44 |
| 24 Sep 2022 |
| hexa | dependencies might change, but small will simply not build browsers | 02:04:32 |
