| 20 Mar 2026 |
 emily | (I don't think a highlight on every message in here is a good idea, it's not an advisory notification channel, triage has to happen in the triage room even if not extended discussions…) | 19:16:56 |
| emily | (& many many vulnerabilities never come up in here at all đŸ˜…) | 19:17:31 |
 lennart | ah sorry, that wasn't clear to me. | 19:17:36 |
| lennart | I vaguely remember that I had this before, sorry, gonna turn of the notifications :D | 19:48:31 |
| 21 Mar 2026 |
 vcunat | Noone has reacted the initrd secrets problem apparently? I think it wouldn't be too hard to prevent nixos-unstable from updating, but should we? Also if it's bad, we need to merge quickly to fix nixos-unstable-small. | 06:16:30 |
 K900 | We should | 06:16:46 |
| K900 | It's stupid | 06:16:51 |
| vcunat | Done, I think.
Loaded: masked (Reason: Unit update-nixos-unstable.service is masked.)
| 06:21:35 |
| emily | perhaps revert for now? | 14:12:53 |
| K900 | @ElvishJerricco has a fix | 14:20:44 |
 ElvishJerricco | If no one's going to review it then I guess we just revert though | 14:21:15 |
| ElvishJerricco | I'd merge because I'm reasonably sure of the fix. But plausibly the original PR did it that way for some reason and the author / reviewers of it should chime in. I mean I think that's unlikely but that's one reason I haven't just self-merged it | 14:22:52 |
| emily | we had a fix 20 hours ago, we could have merged a revert like 24 hours ago | 14:31:17 |
| vcunat | Rebuilding all tests takes a while, but yes. | 14:39:49 |
| vcunat | * Rebuilding all tests takes a while, but yes.
(at least I assume that the fix wouldn't rebuild most tests) | 14:55:56 |
| vcunat | I guess we revert for now:
https://github.com/NixOS/nixpkgs/pull/501963 | 15:01:56 |
| 23 Mar 2026 |
 dish [Fox/It/She] | Closes 10 currently open security issues for siyuan https://github.com/NixOS/nixpkgs/pull/502753 | 18:20:37 |
| 24 Mar 2026 |
 leona | https://github.com/NixOS/nixpkgs/pull/503140 nginx | 20:11:50 |
| dish [Fox/It/She] | https://nodejs.org/en/blog/vulnerability/march-2026-security-releases | 21:38:22 |
| dish [Fox/It/She] | nodejs | 21:38:23 |
| dish [Fox/It/She] | 2 high, 5 medium, 2 low severity CVEs | 21:40:58 |
| dish [Fox/It/She] | 24.x and earlier are only affected by 4 of the medium vulns, but all of the high and low ones as well | 21:41:24 |
| dish [Fox/It/She] | PR submitted for all 4 versions https://github.com/NixOS/nixpkgs/pull/503168 | 21:48:49 |
 whispers [& it/fae] | aduh95 did this in #503151, #503152, #503153, and #503154 | 21:50:46 |
| whispers [& it/fae] | * aduh95 did this in #503151, #503152, #503153, and #503154. all are already merged. 24 to staging, the rest to master. | 21:50:59 |
| dish [Fox/It/She] | my apologies, didn't see those. Thank you! | 21:51:30 |
| 25 Mar 2026 |
 Fernando Rodrigues | https://xenbits.xenproject.org/xsa/advisory-482.html XSA targetting a Linux driver | 01:04:14 |
| Fernando Rodrigues | * | 01:04:31 |
| Fernando Rodrigues | I'm not entirely sure how to patch out kernels though | 01:04:55 |
| Fernando Rodrigues | * | 01:05:00 |
