#nixos-security on 2018-10-16

15:06 gmarmstrong has joined #nixos-security

15:36 gmarmstrong has quit [Quit: Quit]

16:31 <sphalerite> gchristensen: fpletz: anything missing on https://github.com/mayflower/nixpkgs/commit/9c7a6aa23b91299f0fc057207421a03a44479444 ?

16:32 <sphalerite> I'll also backport, and probably follow it up with an upgrade to 0.8.x on master

16:43 <pie_> "(Note; If you are using openssh, that does not consume libssh, and is not broken)"

16:46 <sphalerite> pie_: not sure what you mean? I should add that to the commit message?

16:49 <pie_> sphalerite, oh lol i was just xposting

16:49 <pie_> totally missed that you were dealing with that

19:23 MichaelRaskin has joined #nixos-security

23:43 <pie_> well guys uhhh "GitHub implemented their git ssh server with libssh" https://security.stackexchange.com/questions/195834/cve-2018-10933-bypass-ssh-authentication-libssh-vulnerability

23:48 <andi-> just another day in this broken world.. *sigh*

23:49 <pie_> and this is why you secure your toolchain? :P

23:49 <pie_> though technically hashes protect us right

23:50 <pie_> and people's stuff would complain if master mysteriously changed

23:53 * andi- has started to give up on following all the security foo.. It is bad for health..