| 20 Jul 2021 |
 Alyssa Ross | they're in today's stable releases | 16:01:00 |
 das_j | ah great | 16:01:06 |
| Alyssa Ross | so it's just a stable kernel update as usual | 16:01:14 |
| Alyssa Ross | janne.hess: https://github.com/NixOS/nixpkgs/pull/130807 | 16:05:33 |
 hexa | it's usually not worth looking into kernel vulns, because we bump them often enough and they will be released sooner or later | 16:09:43 |
| Alyssa Ross | this seems to be a particularly serious one | 16:10:09 |
| hexa | which is why it was coordinated and promtly released on a schedule | 16:10:27 |
| hexa | * which is why it was coordinated and promptly released on a schedule | 16:10:35 |
 ajs124 | In reply to @hexa:lossy.network
it's usually not worth looking into kernel vulns, because we bump them often enough and they will be released sooner or later also, you need to reboot to apply them. our reboot schedule for a bunch of systems is every half year for the release upgrade. | 16:12:05 |
| hexa | yeah rebooting is messy :D | 16:12:28 |
 philipp | But the absolutely best feeling is to reboot a compelx system and it just coming back up without any issues. | 16:13:18 |
|  sumner left the room. | 21:42:19 |
| 21 Jul 2021 |
|  Arminio Genevino joined the room. | 20:25:46 |
|  Elliot joined the room. | 20:25:46 |
| Arminio Genevino | o/ | 20:25:50 |
| Elliot | Is there a detailed writeup of how NixOS stacks up against other distros wrt to security? | 20:26:10 |
 nixinator | In reply to @noch3:matrix.org
Is there a detailed writeup of how NixOS stacks up against other distros wrt to security? i can't think of one of the top of my braincase, but do you have a specific questions? | 21:20:27 |
| Elliot set a profile picture. | 21:45:49 |
| 22 Jul 2021 |
 julianst | hey! the steps to verify the Nix download as they are documented on the homepage seem to be broken: https://nixos.org/download.html#nix-verify-installation | 08:35:56 |
| julianst | specifically:
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
gpg: keyserver receive failed: No name
| 08:36:05 |
| julianst | I can download edolstra's key manually, but I assume the --recv-keys should also work given that it's what's people try first | 08:36:48 |
 andi- | In reply to @js:ukvly.org
I can download edolstra's key manually, but I assume the --recv-keys should also work given that it's what's people try first Try now. I think the default keyserver that is used in NixOS (or upstream GnuPG by now?) has changed and it didn't have that key. | 08:43:26 |
| julianst | 
Download image.png | 08:49:56 |
| julianst | super weird | 08:50:41 |
| julianst | this is from my colleague. I still get the error above. boy, this gpg infrastructure is horrible :) | 08:51:23 |
| julianst | let me try from another box... | 08:52:06 |
| julianst | my other box says:
❯ gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
gpg: keyserver receive failed: Server indicated a failure
| 08:53:58 |
| julianst | 🤷 | 08:54:13 |
| julianst | I guess the best way is to just change the description to download the key from nixos.org | 08:55:14 |
| julianst | ah, someone is already on it: https://github.com/NixOS/nixos-homepage/pull/724 | 08:57:56 |
