| 13 Sep 2022 |
 hexa | * fetchurl & autoPatchelf to the rescue (works) | 12:09:18 |
 @pacien:pacien.net | In reply to @hexa:lossy.network
they introduced rust bindings that want to download stuff whenever I have the same issue with matrix-appservice-discord depending on the sdk depending on some rust implementation of olm. It has been proposed to just download the thing instead of trying to build from source, but that's not ideal: https://github.com/NixOS/nixpkgs/pull/186316#issuecomment-1236993401 | 12:43:38 |
 Dandellion | https://github.com/matrix-org/synapse/releases/tag/v1.67.0 was just released with a warning about requiring a rust compiler for 1.68 as well | 12:44:22 |
| hexa | Notkea: ultimate someone needs to package matrix-sdk-rust | 12:47:32 |
| hexa | * Notkea: ultimately someone needs to package matrix-sdk-rust | 12:47:36 |
| hexa | https://github.com/matrix-org/matrix-rust-sdk | 12:48:09 |
| @pacien:pacien.net | and matrix-sdk-crypto-nodejs,
and napi-rs,
and maybe moreโฆ | 12:48:23 |
| hexa | yeah, but ideally I won't have to come up with that during a security update | 12:49:47 |
| hexa | and ultimately maintainers should take care of such an endeavour | 12:50:01 |
| hexa | nix-repl> matrix-appservice-irc.meta.maintainers
[ ]
| 12:50:22 |
| hexa | https://github.com/NixOS/nixpkgs/pull/191065 | 12:52:02 |
| hexa | roast me | 12:52:02 |
| hexa | piegames: so at least you are still codeowner ๐ | 13:04:00 |
 f0x | oof | 13:06:01 |
| f0x | fwiw pinning the resolution is a working patch too | 13:06:13 |
| hexa | but that is pretty much downgrading the dependency? | 13:07:40 |
| hexa | I have neither time nor expertise to evaluate possible breakages before they hit production | 13:08:07 |
| f0x | In reply to @hexa:lossy.network
but that is pretty much downgrading the dependency? yeah, so it doesn't depend on the rust stuff | 13:08:41 |
| f0x | and the bridge uses none of the crypto stuff anyways | 13:08:54 |
| f0x | but fair, yeah | 13:09:00 |
| hexa | wow ๐ | 13:09:06 |
| f0x | it's a dependency downgrade, but still in the supported semver by matrix-appservice-bridge^3.2.0 | 13:11:41 |
| f0x | * it's a dependency downgrade, but still in the supported version range by matrix-appservice-bridge^3.2.0 | 13:11:47 |
| hexa | I don't have a strong opinion in this case | 13:19:25 |
| hexa | I'm not sure if or when they will bump the lower end | 13:19:56 |
| hexa | both are band-aids | 13:20:11 |
| hexa | * both solutions are band-aids | 13:20:15 |
| f0x | yep.. | 13:20:38 |
| hexa | https://matrix.org/blog/2022/09/13/security-release-of-matrix-appservice-irc-0-35-0-high-severity | 16:25:22 |
| hexa | unstable-small has the bump fwiw | 16:25:29 |
