gchristensen changed the topic of #nixos-borg to: https://www.patreon.com/ofborg https://monitoring.nix.ci/dashboard/db/ofborg?refresh=10s&orgId=1&from=now-1h&to=now "I get to skip reviewing the PHP code and just wait until it is rewritten in something sane, like POSIX shell. || https://logs.nix.samueldr.com/nixos-borg
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-borg
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-borg
<timokau[m]> What does a failure in `eval-check-meta` mean?
<{^_^}> #45001 (by jbaum98, 1 day ago, open): givaro: Add darwin support
<timokau[m]> Oh it restarted now
<timokau[m]> The error message was hard to parse, lets see if it re-appears
<LnL> maybe he pushed a fix
<LnL> gchristensen: what do you think about formalising the know/trusted users requirement?
<LnL> eg. known: 5 contributions, trusted: active for more than 6 months (just random numbers here)
<MichaelRaskin> I don't think 6 months is a good cutoff
<MichaelRaskin> I would have a balance of time and actualy useful-effort-spent
<LnL> these don't have to be hard rules either, just a general indication so people know what to expect
<MichaelRaskin> I think even guidelines should stress that sleeper agents are less interesting than people with an observed commitment
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-borg
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-borg
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-borg
orivej has quit [Ping timeout: 272 seconds]
<gchristensen> LnL: that seems like a good idea, and I'd take MichaelRaskin's input for sure. ideally we woludn't need trusted users and would just have disposable macOS vms :)
<MichaelRaskin> And we also would have some sane network access specification?
<gchristensen> happy to make that better
<LnL> yeah, I'm actually more concerned about networking then anything else (which isn't solved by sandboxing)
<gchristensen> MichaelRaskin: could you write up how you've set it up?
<gchristensen> maybe the answer is don't have random people run builders.
<MichaelRaskin> Right now I took it all down, and my plan is to have it up mid-October
<gchristensen> ok
<MichaelRaskin> The problem is not about builders being trusted or not
<gchristensen> yes I know
<MichaelRaskin> The problem is about builds…
<gchristensen> but it is complicated to set up robust network segmentation on a home network
<MichaelRaskin> I didn't have anything interesting about the builder setup.
<gchristensen> and not something I can easily recommend
<{^_^}> nix#2270 (by edolstra, 6 weeks ago, open): Restrict fixed-output derivations
<MichaelRaskin> Yeah, my other devices are generally configured under the assumption of untrusted WiFi connection
<gchristensen> anyway, my family is sick today, so I'm AFK for most of it. I'll be around when I can :)
<MichaelRaskin> Oh
<MichaelRaskin> I commented in the Nix issue in question
<gchristensen> (since 20min ago I've been here sending "afk, see you tomorrow" emails)
<{^_^}> [ofborg] @fgaz opened pull request #220 → Add fgaz to extra-known-users → https://git.io/fNA78
<{^_^}> [ofborg] @Enzime opened pull request #221 → Add myself to trusted users → https://git.io/fNAFr
orivej has joined #nixos-borg
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-borg
gleber_ has quit [Ping timeout: 255 seconds]
gleber_ has joined #nixos-borg