| 20 Jun 2024 |
 teutat3s | All versions in nixpkgs already have the fixes AFAICT, not sure if vulnerability warnings should be added? | 10:11:37 |
 hexa | we expect users to upgrade to get fixed packages always | 10:11:57 |
| 21 Jun 2024 |
|  @yuka:yuka.dev left the room. | 10:25:22 |
|  @linus:schreibt.jetzt left the room. | 14:05:51 |
|  Jason Blackwell joined the room. | 19:06:16 |
|  tlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion [UTC-4] to Insurgo aka tlaurion [UTC-4] (Happy long Québec national long weekend! back Tuesday). | 22:09:33 |
| 22 Jun 2024 |
|  @bumperboat:matrix.org changed their display name from bumperboat (UTC+1) to bumperboat (UTC+2). | 16:48:09 |
| 23 Jun 2024 |
|  @networkexception:chat.upi.li left the room. | 22:08:37 |
| 24 Jun 2024 |
|  @dclmatrix:matrix.org removed their profile picture. | 05:28:26 |
| @dclmatrix:matrix.org removed their display name blu3. | 05:28:31 |
| @dclmatrix:matrix.org left the room. | 05:28:36 |
|  @lotte:chir.rs left the room. | 11:12:55 |
| 25 Jun 2024 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion [UTC-4] (Happy long Québec national long weekend! back Tuesday) to tlaurion aka Insurgo [UTC-4]. | 16:53:38 |
|  @shaderoit99:matrix.org joined the room. | 17:09:45 |
|  @axiomss:matrix.org joined the room. | 22:07:32 |
| 26 Jun 2024 |
|  @oliviacrain:matrix.org left the room. | 17:02:33 |
|  maralorn joined the room. | 20:59:22 |
| maralorn | I would like to merge this security fix for pandoc into master asap. However it has a 501-1000 tag, is that acceptable in this case? https://github.com/NixOS/nixpkgs/pull/322669 | 21:00:56 |
| hexa | go for it | 21:01:38 |
 tgerbet | I will have access to my aarch64 builder in ~1h to confirm but my nixpkgs-review for half the builds looked fine | 21:05:08 |
| tgerbet | There are a lot of things but mainly small ones | 21:06:48 |
| maralorn | I am super certain that that patch will not affect downstream packages.^^ | 21:10:05 |
| maralorn | * I am quite certain that that patch will not affect downstream packages.^^ It only modifies a template. | 21:10:51 |
| 27 Jun 2024 |
| maralorn | How important is it to back port fixes to 23.11? | 00:39:13 |
 vcunat | I'm not sure, but the promise of maintenance ends in a couple days. | 05:29:49 |
 Markus Theil | https://www.openssl.org/news/secadv/20240627.txt | 11:07:28 |
| Markus Theil | Even with low severity, I'll open PRs this evening if time permits. | 11:07:52 |
| Markus Theil | * Even with low severity, I'll open PRs this evening if time permits. I have no real overview, if this is a issue somewhere, but buffer overread/possible information leak should be enough to take some action. | 11:09:08 |
| Markus Theil | The low severity issues I did not included as patches but waited for the next minor release were causing high load/DoS but no information disclosure. This is just my personal distinction between patch and wait. I hope at least some of you share this view. | 11:10:44 |
| Markus Theil | * The low severity issues I did not include as patches but waited for the next minor release in the past were causing high load/DoS but no information disclosure. This is just my personal distinction between patch and wait. I hope at least some of you share this view. | 11:11:08 |
