gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-security
justanotheruser has quit [Ping timeout: 258 seconds]
justanotheruser has joined #nixos-security
pie_ has quit [Ping timeout: 258 seconds]
Synthetica has joined #nixos-security
pie_ has joined #nixos-security
pie___ has joined #nixos-security
pie_ has quit [Ping timeout: 244 seconds]
<pie___> doesn't it make sense for it to be possible for someone to be listed as a package maintainer pseudonymously? commits need to be reviewed anyway, and code should be clear about what it does
pie_ has joined #nixos-security
pie___ has quit [Ping timeout: 276 seconds]
pie_ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
pie___ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
<andi-> we do not enforce real names IIRC... Not sure what the difference to the status quo would be. Not sure if all the people with the commit bit are "known".
pie_ has joined #nixos-security
pie___ has quit [Ping timeout: 250 seconds]
<pie_> random irc channel xpost <h01ger> https://www.spiegel.de/netzwelt/games/spieleentwickler-verbreiten-versehentlich-infizierte-spiele-a-1264181.html - supply chain attacks via backdoored visual studio, attacking gamers
<pie_> <h01ger> interesting also: the malware doesn't activate itself if the computer language is set to russian or simplified chinese :)
<pie_> google translate: "It is unclear whether the studios used illegal copies of the software they had obtained through a swap or other unofficial sources. The alternative would be that hackers have invaded the game maker's computer and manipulated its version of Microsoft Visual Studio."
<andi-> not sure how that is relevant to us in here besides the obvious..
<pie_> just the obvious i guess, and moar supply chainz
<simpson> Sorry, it's not at all obvious. It looks like, indeed, a random cross-post.
<pie_> ok maybe i was a bit trigger happy on that one
Synthetica has quit [Quit: Connection closed for inactivity]
pie___ has joined #nixos-security
pie_ has quit [Ping timeout: 245 seconds]
pie___ has quit [Ping timeout: 258 seconds]
<gchristensen> hey everyone, I'm going to be hosting regular Nix ecosystem office hours starting next week. It'll be a video call where anyone can drop in and chat about the Nix ecosystem: cool PRs, problems, improvements, how to help each other to improve Nix. If you're interested, please tell me when you're available over at https://doodle.com/poll/aq9iytabi3k7z9da#calendar -- thank you!
pie_ has joined #nixos-security
<pie__> pie_, note to self for tomorrow: look into cve quality and related discussion items, misp, feeds, luxembourg feed, open vulnerability database & blog, ideals
<pie_> garbage in time consumption out
n_db has joined #nixos-security
LnL has quit [Ping timeout: 255 seconds]