#nixos-security on 2018-11-26

00:00 tokudan[m] has quit [Read error: Connection reset by peer]

00:00 stammon has quit [Remote host closed the connection]

00:07 stammon has joined #nixos-security

00:14 tokudan[m] has joined #nixos-security

00:20 pie___ has joined #nixos-security

00:23 pie__ has quit [Ping timeout: 264 seconds]

04:45 pie___ has quit [Remote host closed the connection]

04:46 pie_ has joined #nixos-security

04:46 pie__ has joined #nixos-security

04:47 pie_ has quit [Remote host closed the connection]

05:03 MichaelRaskin has quit [Quit: MichaelRaskin]

07:07 periklis has joined #nixos-security

07:58 ckauhaus has joined #nixos-security

09:18 ivan_ has joined #nixos-security

09:20 sphalerite_ has joined #nixos-security

09:21 ckauhaus_ has joined #nixos-security

09:25 ckauhaus has quit [*.net *.split]

09:25 andi- has quit [*.net *.split]

09:25 johnnyfive has quit [*.net *.split]

09:25 ivan has quit [*.net *.split]

09:25 sphalerite has quit [*.net *.split]

09:25 lewo has quit [*.net *.split]

09:25 samueldr has quit [*.net *.split]

09:27 samueldr has joined #nixos-security

09:34 andi- has joined #nixos-security

11:27 periklis has quit [Ping timeout: 252 seconds]

12:23 __Sander__ has joined #nixos-security

13:02 ma27 has quit [Ping timeout: 245 seconds]

13:04 ma27 has joined #nixos-security

13:55 ivan_ is now known as ivan

14:09 sphalerite_ is now known as sphalerite

16:44 __Sander__ has quit [Quit: Konversation terminated!]

18:17 johnnyfive has joined #nixos-security

19:57 <pie__> this is probably going around link sites or something but https://github.com/dominictarr/event-stream/issues/116#issuecomment-441753388

19:58 <pie__> apparently someone gave some bad actor ownership of a popular package on npm or osmething

20:04 <andi-> yeah, I saw it... we can look through our stuff or if we even ship that crypto currency thingy in some form..

20:05 <pie__> i dont actually understand whats up with any of the npm related security shitstorms

20:05 <gchristensen> 17:42 <delroth> looks like a9efcc85cbfc0a8ebf5ab8dbfa914e9447018923..03bcca7a457e60bbfd80272347a2a85ff821b832 had the backdoored flatmap-stream package in nixpkgs.

20:05 <gchristensen> 17:42 <delroth> the other way around: 03bcca7a457e60bbfd80272347a2a85ff821b832..a9efcc85cbfc0a8ebf5ab8dbfa914e9447018923

20:05 <pie__> aparently these are avoidable problems?

20:05 <pie__> which is to say: ive never used node or npm

20:06 <pie__> (as a developer)