<elvishjerricco>
Huh. I'd really like to volunteer to help with all of that. I consider the nixpkgs haskell infra extremely important for my daily life. I'm still kinda new to nixpkgs compared to the people with commit access, so I dunno if I'd be considered qualified to have commit access and codeowner status.
<angerman>
elvishjerricco: if I had more time I might volunteer. But might just be pushing nix tools
<samueldr>
elvishjerricco: most committers started out like you, unsure if qualified; a good step into proving yourself is reviewing PRs and making PRs I guess
<elvishjerricco>
samueldr: Is there a good way to be notified of any haskell PRs without codeowner status?
<samueldr>
sadly I don't think there is :/
<samueldr>
though I do wonder if a CODEOWNER has to be someone with commit accesses
Synthetica has quit [Quit: Connection closed for inactivity]
drakonis1 has joined #nixos-dev
pie___ has joined #nixos-dev
pie__ has quit [Ping timeout: 252 seconds]
orivej has quit [Ping timeout: 252 seconds]
<angerman>
elvishjerricco: I know that at least alp is also interested in at least discussing the haskell infra direction. (We should also start using a hadrian ghc builder; which I'll likely have soon)
<angerman>
elvishjerricco: for now I'll put that all into haskell.nix; that should allow to work on that without interfering with nixpkgs for now.
<elvishjerricco>
Yea building GHC with Hadrian sounds good if it supports cross very well
<angerman>
it can built *relocatable* ghcs.
<angerman>
that's why I hacked ghc/cabal/hadrian so much.
<angerman>
alp then went ahead and redid the whole PR into something andrey was more content with merging.
sir_guy_carleton has quit [Quit: WeeChat 2.0]
drakonis_ has quit [Read error: Connection reset by peer]
orivej has joined #nixos-dev
dhess has quit [Ping timeout: 252 seconds]
orivej has quit [Ping timeout: 252 seconds]
Lisanna has joined #nixos-dev
drakonis1 has quit [Ping timeout: 272 seconds]
drakonis1 has joined #nixos-dev
<alp>
and the GHCs we build now even almost pass the testsuite
<angerman>
the test suite... yeat
Synthetica has joined #nixos-dev
orivej has joined #nixos-dev
drakonis1 has quit [Ping timeout: 245 seconds]
<alp>
heh. started at around 1k test failures I think, we're down to 40-50, and they're rather involved and nasty.
orivej has quit [Ping timeout: 268 seconds]
drakonis1 has joined #nixos-dev
drakonis1 has quit [Ping timeout: 268 seconds]
drakonis1 has joined #nixos-dev
drakonis1 has quit [Ping timeout: 244 seconds]
drakonis1 has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 246 seconds]
orivej has joined #nixos-dev
drakonis1 has quit [Ping timeout: 246 seconds]
drakonis1 has joined #nixos-dev
drakonis1 has quit [Ping timeout: 252 seconds]
drakonis1 has joined #nixos-dev
<pepesza>
Is the rule "Make sure that libraries build for all Python interpreters" a strict one? I.e. I have a lib I want to package and it's python3 only.
<infinisil>
pepesza: See this file ^^ for how to disable the build for a specific interpreter
<pepesza>
infinisil: awesome, thank you! :)
timokau[m] has joined #nixos-dev
orivej has quit [Ping timeout: 268 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 252 seconds]
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos-dev
infinisil has quit [Client Quit]
infinisil has joined #nixos-dev
Synthetica has quit [Quit: Connection closed for inactivity]
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos-dev
infinisil has quit [Remote host closed the connection]
infinisil has joined #nixos-dev
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos-dev
infinisil has quit [Client Quit]
infinisil has joined #nixos-dev
orivej has joined #nixos-dev
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos-dev
drakonis1 has quit [Ping timeout: 252 seconds]
drakonis1 has joined #nixos-dev
<ekleog>
OK question: I “maintain” nheko (actually haven't updated it since it last changed its build system). Today, nheko's maintainer dropped the project, and the repository is now locked and unmaintained. Do you think I should PR removing nheko from nixpkgs?
phreedom has quit [Ping timeout: 256 seconds]
phreedom has joined #nixos-dev
drakonis1 has quit [Read error: Connection reset by peer]
drakonis1 has joined #nixos-dev
orivej has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos-dev
drakonis1 has quit [Ping timeout: 252 seconds]
<domenkozar>
sphalerite: would you like access?
<sphalerite>
domenkozar: yes please! :)
<domenkozar>
what's your github username again
drakonis has quit [Ping timeout: 260 seconds]
<domenkozar>
done :)
<domenkozar>
you need to accept an invit efirst
drakonis has joined #nixos-dev
<sphalerite>
domenkozar: thanks!
<sphalerite>
sorry I didn't answer, very unreliable ocnnection just now
<lassulus>
ekleog: imho, if it builds I would leave it in nixpkgs.
<ekleog>
I'd be happy to hear other opinions if possible :) and thanks! (switching the order of the sentence so that hopefully people do read the important part for them :°)
pie___ has quit [Ping timeout: 245 seconds]
drakonis has quit [Ping timeout: 252 seconds]
drakonis has joined #nixos-dev
drakonis_ has joined #nixos-dev
<timokau[m]>
I agree with keeping it, it may still be of use for people. Maybe in the future we could have some kind of anti-feature thing for "unmaintained"
<timokau[m]>
Especially since it doesn't seem too security critical
<samueldr>
some might say that a messaging app is security critical as much as a web browser; if a vulnerability exists, it could be pushed to users :/
<gchristensen>
in general, nixpkgs is not a repository for old and unmaintained software. I don't feel strongly if it is deleted now, but I would imagine that at some point it will be
<ekleog>
hmm… I guess in this specific case I feel better about removing it… because there have already been a few changes including “fix use-after-free in logout” since the last version bump I did (since the build system changed :(). Until now I thought these (the use-after-free and a few crashes) didn't look too bad (by judging from the changelog's trigger vector), but if it's no longer maintained it
<ekleog>
means I won't know if it's ever found to actually be a security issue :/
<timokau[m]>
Valid points, I guess I agree with removal
<gchristensen>
+1
<ekleog>
now, this won't make it into 18.09, I guess… well, if a CVE is attributed it'll be possible to patch it
<gchristensen>
we can mark it insecure on 18.09
<timokau[m]>
What does marking something insecure do?
<ekleog>
huh. ok, so discovering by a merge conflict that someone else had been bumping nheko, so actually the bugfixes I thought we didn't have we actually had
* ekleog
wonders whether that changes anything, though
<timokau[m]>
How about just marking it as insecure in general?
<ekleog>
yeah, think so too :)
pie__ has joined #nixos-dev
pie__ has quit [Ping timeout: 276 seconds]
pie__ has joined #nixos-dev
<sphalerite>
Is there a particular reason why the nixpkgs committers team is secret?
<gchristensen>
can it be made public?
<gchristensen>
perhaps some users don't want people to know they are members?
<sphalerite>
I think it makes sense to be transparent about this, especially for users who are concerned about security
<sphalerite>
I'd think it's in most people's best interest to know who can commit to nixpkgs :/
* gchristensen
has no opinion
<sphalerite>
hm the teams themselves only seem to be visible to members of the org
<sphalerite>
and membership of the org is shown on an individual basis, idk if there is a way to make all members publicly visible
<gchristensen>
yeah, I don't think this is an option.
<Ericson2314>
I'm surprised GitHub even lets one push such refs?
<Ericson2314>
Maybe they don't anymore and it's just grandfathered in?
<Ericson2314>
in any event, it looks like like arbitrary junk that can probably be deleted
<LnL>
hmm?
<gchristensen>
fun, Ericson2314 :D
<Ericson2314>
(that's a command which need not be run from the repo, it is querying the given repo for the refs it advertizes)
<LnL>
why wouldn't that be allowed?
<Ericson2314>
*a repo
<Ericson2314>
I was trying to decide if there's any security implications for smuggled stuff being there, but given that no default fetch would grab those, it's probably nil.
<Ericson2314>
LnL: well it's not bad per-se, but since they'll never show up in the github UI it seems dubvious. And furthermore since the `refs/remote` don't correspond to the (no) remotes of the github repo it's confusing
<LnL>
nah you can even fetch objects from pull requests, that's much worse IMHO
<Ericson2314>
probably unintentional result of a `git push --mirror`
<Ericson2314>
LnL: well I *like* PRs being not lost forever, haha
<Ericson2314>
can you push to `ref/pull`? I wonder if that would allow reopening closed PRs whose old branch moved.
<aanderse>
mic921: yeah thats an interesting conversation so far
Drakonis__ is now known as Drakonis
<mic921>
aanderse: yeah, I think we need to make sure that our nixpkgs members scale with the number of contributors. To avoid things happen in big communities like the linux kernel or LLVM.
<aanderse>
yeah i was reading another post on discourse about tags
<aanderse>
that sounded like it would help out as well
<aanderse>
the ability for people with commit access to see whats ready to go easily would be nice
<mic921>
aanderse: that might help a bit but usually the working list is already long enough that I do not have to search for ready pull requests.
<mic921>
I always have unread nixpkgs notifications.
<aanderse>
fair enough
<aanderse>
well i'll be keeping an eye on that thread and hope to hear some answers about how to eventually get commit access
<aanderse>
a formalized process, etc...
<mic921>
aanderse: at the moment usually people are asked by existing members or they are brave enough to ask themself.