#nixos-security on 2018-11-14

02:57 eric88 has joined #nixos-security

02:57 <eric88> Hey all. Very interested in pitching NixOS to my CTO. Problem is the first thing he'll look at is the security page, which is outdated.

02:57 <eric88> Any way I can fix it up?

02:58 <eric88> (https://nixos.org/nixos/security.html for reference)

03:18 <eric88> Hello :o

03:46 eric88 has quit [Ping timeout: 252 seconds]

07:45 <LnL> what's outdated about it?

07:57 <ekleog> LnL: I think the fact is the nix-security-announce google group is long dead

07:58 <ekleog> should likely be erased / maybe replaced by a discourse category

07:59 <ekleog> (but currently no one appears to have / take the time to sum up weekly which vulnerabilities have been fixed, so if there's not this weekly announcement mail then it'll likely be just as dead)

09:04 periklis has joined #nixos-security

10:53 erictapen has joined #nixos-security

12:01 erictapen has quit [Ping timeout: 268 seconds]

13:05 primeos has quit [Quit: WeeChat 2.1]

14:02 __Sander__ has joined #nixos-security

14:04 periklis has quit [Ping timeout: 244 seconds]

16:29 __Sander__ has quit [Quit: Konversation terminated!]

17:36 c0bw3b_ has joined #nixos-security

17:48 pie_ has joined #nixos-security

18:46 pie_ has quit [Ping timeout: 244 seconds]

20:34 <ckauhaus> ekleog: LnL: the security page is definitively outdated

20:34 <ckauhaus> during NixCon we discussed a new structure

20:35 <ckauhaus> I'll prepare a PR against the website repo to reflect the current state of affairs

20:54 <ckauhaus> Vulnerability roundup 52 is on: #50367, #50368, #50369

20:54 <{^_^}> https://github.com/NixOS/nixpkgs/issues/50367 (by ckauhaus, 2 minutes ago, open): Vulnerability roundup 52: openjpeg-2.3.0: 1 advisory

20:54 <{^_^}> https://github.com/NixOS/nixpkgs/issues/50368 (by ckauhaus, 1 minute ago, open): Vulnerability roundup 52: php-7.2.8: 1 advisory

20:54 <{^_^}> https://github.com/NixOS/nixpkgs/issues/50369 (by ckauhaus, 51 seconds ago, open): Vulnerability roundup 52: exiv2-0.26: 3 advisories

20:54 <ckauhaus> openjpeg, php, exiv2

21:21 pie_ has joined #nixos-security

21:25 ckauhaus is now known as ckauhaus[afk]

21:31 erictapen has joined #nixos-security

21:56 <c0bw3b_> openjpeg: no fix upstream for cve-2018-16375 ATM

21:57 <andi-> nice to see more people being involved \o/

21:57 <andi-> I will try to sprint through some stuff in the next days as well...

22:03 <pie_> andi-, as it goes c:

22:50 c0bw3b_ has quit [Remote host closed the connection]

23:19 c0bw3b_ has joined #nixos-security

23:28 pie_ has quit [Remote host closed the connection]

23:29 pie_ has joined #nixos-security

23:29 pie_ has quit [Remote host closed the connection]

23:30 pie_ has joined #nixos-security

23:40 c0bw3b_ has quit [Remote host closed the connection]

23:48 erictapen has quit [Ping timeout: 260 seconds]