gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
LnL has quit [Ping timeout: 240 seconds]
LnL has joined #nixos-security
LnL has joined #nixos-security
LnL has quit [Changing host]
<ris> #72808
<{^_^}> https://github.com/NixOS/nixpkgs/pull/72808 (by risicle, 31 seconds ago, open): [r19.03] ghostscript: add patches for several CVEs
<ris> realized i've forgotten about a lot of 19.03 backports
justanotheruser has joined #nixos-security
ris has quit [Ping timeout: 258 seconds]
Synthetica has quit [Quit: Connection closed for inactivity]
<samueldr> I'm wondering what process I should follow to properly disclose the (known) issue of the pinebook pro shipping with a distro with (1) ssh (2) accepting root login (3) with password (4) with default password root
<samueldr> I'm sure a security analyst would have a couple veins burst following what is being done with that default distro
<samueldr> it's being done by a third party community member, which makes this a bit touchy
<samueldr> and highly lacks reproducibility
justanotheruser has quit [Ping timeout: 246 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 240 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 265 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 265 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 240 seconds]
FRidh has joined #nixos-security
<andi-> samueldr: security@ on their end? Does that even exist? If not file an issue towards that distro?
sphalerite has quit [Remote host closed the connection]
sphalerite has joined #nixos-security
sphalerite has quit [Client Quit]
sphalerite has joined #nixos-security
sphalerite has quit [Client Quit]
sphalerite has joined #nixos-security
haiko has joined #nixos-security
tilpner_ has joined #nixos-security
tilpner has quit [Ping timeout: 276 seconds]
tilpner_ is now known as tilpner
filemon has joined #nixos-security
<filemon> plz someone remove this hacker my ip seems to change too - from my PC-TY
filemon has quit [Ping timeout: 268 seconds]
pie_ has quit [Ping timeout: 268 seconds]
<samueldr> it has been disclosed to the (sole) author, and they don't care :/
pie_ has joined #nixos-security
<andi-> samueldr: oss-security?
<andi-> Might be a good way to get some attention on the issue
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 240 seconds]
justanotheruser has joined #nixos-security
filemon has joined #nixos-security
filemon_ has joined #nixos-security
filemon has quit [Ping timeout: 268 seconds]
filemon__ has joined #nixos-security
filemon_ has quit [Ping timeout: 240 seconds]
filemon__ has quit [Ping timeout: 268 seconds]
<tilpner> samueldr: Ping tllim/open a ticket?
<samueldr> the whole distro is tiring me... it *is* so haphazard, probably should come with a disclaimer from california about some risks
<samueldr> now, because of some security incident at the factory, they have shipped some with windows viruses in the (FAT) boot partition, which is likely a stowaway from burning on windows machines
<samueldr> so the update script has been updated to delete everything not expected from the partition :/
<samueldr> update script which is of dubious quality, unzipping stuff on the FS
<tilpner> D:
<gchristensen> !!!!!
FRidh has quit [Quit: Konversation terminated!]
<IdleBot_59b8da4c> Maybe the distro should be treated as just a «this is how you bring up the drivers» working demo…
<IdleBot_59b8da4c> (which is a very useful thing for a niche platform, of course)
tilpner_ has joined #nixos-security
tilpner has quit [Ping timeout: 276 seconds]
ckauhaus has quit [Quit: WeeChat 2.6]
ris has joined #nixos-security
tilpner_ has quit [Remote host closed the connection]
tilpner_ has joined #nixos-security