gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-security
justanotheruser has quit [Ping timeout: 258 seconds]
justanotheruser has joined #nixos-security
pie_ has quit [Ping timeout: 258 seconds]
Synthetica has joined #nixos-security
pie_ has joined #nixos-security
pie___ has joined #nixos-security
pie_ has quit [Ping timeout: 244 seconds]
<pie___> doesnt it make sense for it to be possible for someone to be listed as a package maintainer pseudonomously? commits need to be reviewed anyway, and code should be clear about what it does
pie_ has joined #nixos-security
pie___ has quit [Ping timeout: 276 seconds]
pie_ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
pie___ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
<andi-> we do not enforce real names IIRC... Not sure what the difference to the status quo would be. Not sure if all the people with the commit bit are "known".
pie_ has joined #nixos-security
pie___ has quit [Ping timeout: 250 seconds]
<pie_> random irc channel xpost <h01ger> https://www.spiegel.de/netzwelt/games/spieleentwickler-verbreiten-versehentlich-infizierte-spiele-a-1264181.html - supply chain attacks via backdoored visual studio, attacking gamers
<pie_> <h01ger> interesting also: the malware doesnt active itself if the computer language is set to russian or simplified chinese :)
<pie_> google translate: "It is unclear whether the studios used illegal copies of the software they had obtained through a swap or other unofficial sources. The alternative would be that hackers have invaded the game maker's computer and manipulated its version of Microsoft Visual Studio."
<andi-> not sure how that is relevant to us in here besides the obvious..
<pie_> just the obvious i guess, and moar supply chainz
<simpson> Sorry, it's not at all obvious. It looks like, ineed, a random cross-post.
<pie_> ok maybe i was a bit trigger happy on that one