| 16 Apr 2026 |
 Sandro | We are running in absolute circles here, it would make so many things so much easier and things could be marked as vulnerable without having to worry about criplying peoples experience when they do not have a heavy server to compile stuff | 16:29:28 |
| Sandro | I try to avoid that as much as possible. If there are not many changes in between that can be easily done but than you can also just update the package.
If there are many changes, I am just going to throw the update on people regardless if there are breaking changes. It just takes to much of my time to properly test those patches on old things I am nowhere using. | 16:31:11 |
| Sandro | * I try to avoid that as much as possible. If there are not many changes in between that can be easily done but than you can also just update the package.
If there are many changes, I am just wanting to throw the update on people regardless if there are breaking changes. It just takes to much of my time to properly test those patches on old things I am nowhere using. | 16:36:34 |
 emily | what's going in circles is you restarting this argument unprompted every single time... | 16:37:39 |
| Sandro | It is the obvious solution in the room and what I as a maintainer what as an option and I am not heard. | 16:42:41 |
| Sandro | * It is the obvious solution in the room and what I as a maintainer want as an option and I am not heard. | 16:42:50 |
| Sandro | * It is the obvious solution in the room and what I as a maintainer want as an option and I am not being heard. | 16:42:54 |
| Sandro | * It is the obvious solution in the room and what I, as a maintainer, want as an option and I am not being heard. | 16:43:33 |
| Sandro | Especially when vulnerabilities are only relevant for a specific use case which might not even be a common one. Than I want to inform users of the software about it and if they for themselves have decided that the vulnerability does not apply to them and they have changed their configs to ignore it and accept the vulnerability than they should not feel a consequence. | 16:45:03 |
| emily | you're being heard, but the response to being heard has been people giving counterarguments and an end result of consensus against that position every time | 16:45:37 |
 leona | please not in this room.. | 16:45:56 |
| Sandro | Having to compile software on weak hardware (eg. a Rasperry Pi) is a consequence and sucks. Especially if you do not have a builder on that arch and compilation is expensive.
Me literally yesterday. | 16:46:03 |
| emily | apologies | 16:46:04 |
| emily | thought this was #security-discuss:nixos.org | 16:46:13 |
| 17 Apr 2026 |
 whispers [& it/fae] | re ^: https://github.com/NixOS/nixpkgs/pull/510184 still needs a manual backport to 25.11 and i don't have the time to do that for a while, if someone else wants to pick that up :3 | 14:31:28 |
 vcunat | https://github.com/NixOS/nixpkgs/pull/510931 | 14:52:29 |
 flx | https://github.com/NixOS/nixpkgs/pull/510558 | 16:11:39 |
|  dish [Fox/It/She] changed their profile picture. | 16:58:37 |
|  aaronedev joined the room. | 18:53:50 |
| 22 Apr 2026 |
| vcunat | CVE-2026-4367: libXpm Out-of-bounds read
https://lists.x.org/archives/xorg-announce/2026-April/003690.html | 06:21:10 |
| vcunat | * CVE-2026-4367: libXpm Out-of-bounds read
https://lists.x.org/archives/xorg-announce/2026-April/003690.html
EDIT: it's not small, Rebuild: linux 20383, darwin 8538 | 07:11:46 |
| flx | https://github.com/NixOS/nixpkgs/pull/512277 | 08:50:52 |
| 23 Apr 2026 |
 Scrumplex | NixOS is probably less affected than others, but there is a high severity fix for packagekit here:
https://github.com/NixOS/nixpkgs/pull/512652
See https://www.openwall.com/lists/oss-security/2026/04/22/6 | 06:42:42 |
|  Paul joined the room. | 16:12:57 |
|  Hythera joined the room. | 21:04:24 |
| Hythera | All PRs approved by at least one of their respected maintainers; would be nice if someone could take a look at them :)
https://github.com/NixOS/nixpkgs/pull/511009
https://github.com/NixOS/nixpkgs/pull/511515
https://github.com/NixOS/nixpkgs/pull/512781 | 21:06:30 |
|  John joined the room. | 22:31:28 |
|  gigacode joined the room. | 23:55:08 |
| 24 Apr 2026 |
|  Matthew Hiles joined the room. | 00:51:35 |
| 19 May 2021 |
|  @grahamc:nixos.org set the history visibility to "world_readable". | 22:57:54 |
