!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

696 Members
Coordination and triage of security issues in nixpkgs215 Servers

Load older messages

SenderMessageTime
12 Mar 2026
@elvishjerricco:matrix.orgElvishJerriccobut also (for anyone else in the room), this might be serious enough to just go straight to master23:30:38
@elvishjerricco:matrix.orgElvishJerriccoand eat the rebuild of all nixos tests23:30:45
@thamizhamudhu:matrix.orgTHAMIZHAMUDHU GOPALAN joined the room.23:43:19
@whispers:catgirl.cloudwhispers [& it/fae](fwiw staging-nixos merge PR was opened just now by zowoq, though as a draft because of potential kernel regressions: https://github.com/NixOS/nixpkgs/pull/499398)23:53:50
@whispers:catgirl.cloudwhispers [& it/fae]* (fwiw staging-nixos merge PR was opened an hour ago by zowoq, though as a draft because of potential kernel regressions: https://github.com/NixOS/nixpkgs/pull/499398)23:54:04
@whispers:catgirl.cloudwhispers [& it/fae]* (note: staging-nixos merge PR was opened an hour ago by zowoq, though as a draft because of potential kernel regressions: https://github.com/NixOS/nixpkgs/pull/499398)23:54:25
13 Mar 2026
@jammie:matrix.orgJamieMagee joined the room.03:38:10
@vcunat:matrix.orgvcunatGenerally I'm trying to remember to merge also staging-nixos whenever merging staging-next, as almost no tests get pre-cached during staging-next.04:59:05
@elvishjerricco:matrix.orgElvishJerriccoyea that makes sense04:59:55
@qyliss:fairydust.spaceAlyssa Rossif you're doing that you might as well merge into staging-nixos, then staging-nixos to master, so other pending changes come along06:27:41
@k900:0upti.meK900staging-nixos is currently held back due to something something regression in stable kernels06:28:11
@k900:0upti.meK900I am not sure of the details, zowoq is06:28:28
@qyliss:fairydust.spaceAlyssa Rosssurely we should just revert that then?06:28:46
@k900:0upti.meK900It didn't get merged to master yet06:28:56
@qyliss:fairydust.spaceAlyssa Rosson staging-nixos06:29:24
@qyliss:fairydust.spaceAlyssa Rossto avoid exactly this situation06:29:35
@k900:0upti.meK900Possibly06:29:40
@tom:pub.solartom joined the room.07:28:33
@qyliss:fairydust.spaceAlyssa RossMerged into staging-nixos, and staging-nixos merge queued.08:20:21
@elvishjerricco:matrix.orgElvishJerriccocool, thank you08:21:27
@k900:0upti.meK900Probably want to also bonk the staging-next automerge08:26:09
@arianvp:matrix.orgArianShould we create a NixOS-specific advisory for this one? Given we're one of the few Distros in the bucket "new systemd version + machined by default"09:25:13
@emilazy:matrix.orgemilymaybe just post on the Discourse security announcements forum09:46:14
@arianvp:matrix.orgArianLmao redhat filed a CVE for it14:48:56
@arianvp:matrix.orgArianhttps://www.cve.org/CVERecord?id=CVE-2026-410514:49:11
@arianvp:matrix.orgArianAnd the CVE is wrong. Marks more things as affected than needed. Great. 14:49:40
@magic_rb:matrix.redalder.orgmagic_rbyou mean that rhel7 is not affected?14:53:34
@k900:0upti.meK900New kernels with apparmor security fixes: https://lore.kernel.org/stable/2026031357-statistic-surrogate-41a7@gregkh/T/#t16:46:35
@k900:0upti.meK900Someone please do the dance16:46:45
@ma27:nicht-so.sexyma27ok, on it.16:56:43

Show newer messages

Back to Room ListRoom Version: 6