gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
anselmolsm has quit [Quit: Konversation terminated!]
aminechikhaoui has quit [Ping timeout: 240 seconds]
aminechikhaoui has joined #nixos-security
aminechikhaoui has quit [Quit: Ping timeout (120 seconds)]
aminechikhaoui has joined #nixos-security
FRidh has joined #nixos-security
queiw has joined #nixos-security
<queiw> Is there a place where security vulnerabilities are tracked for NixOS/nixpkgs? In particular I'm wondering if NixOS is affected by the very recent OpenSSL-issue CVE-2020-1967, if I should check that myself and how, and if I should report such things as issues at https://github.com/NixOS/nixpkgs/issues
<FRidh> queiw: this one is being dealt with. Update is being built for stable release branches. master/unstable is likely to take several days. There is no good page that gives an overview. Searching for the openssl version in the issue tracker shows you updates/patches have been merged.
<queiw> FRidh: ah, I had done some searches on openssl but they didn't give any recent results. but if I remove is:issue from the filter there are results. anyway, thank you for the update
<FRidh> queiw: its important to add the version number
<flokli> queiw: there's also the "security" tag on most security-related issues
FRidh has quit [Quit: Konversation terminated!]
arianvp has joined #nixos-security
<qyliss> queiw: I find sorting my most recently updated on GitHub is the way to do with this sort of search
<flokli> the github ui is terrible with these things. I wish there was a more usable way of structuring these issues
<MichaelRaskin> There probably are, but I guess this would mean having multiple places for issues related to different workflows
<flokli> MichaelRaskin: yeah, I mean, things could still be github issues, but the metadata somehow better presented, and some reusable dashboards
<flokli> but yeah, it's definitely not easy.
<MichaelRaskin> That sounds on the edge of using GitHub issues like some of my projects use git
<MichaelRaskin> (the real system is a different one, periodic snapshots are pushed so one can see «what is the current state»)
lassulus has quit [Ping timeout: 264 seconds]
lassulus has joined #nixos-security
stigo has quit [Quit: stigo]
stigo has joined #nixos-security
anselmolsm has joined #nixos-security
anselmolsm has quit [Ping timeout: 250 seconds]
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
FRidh has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
tokudan has quit [Remote host closed the connection]
tokudan has joined #nixos-security
anselmolsm has joined #nixos-security
vesper has joined #nixos-security
vesper11 has quit [Ping timeout: 256 seconds]
Feliciana has joined #nixos-security
Feliciana has quit [Client Quit]
KeiraT has quit [Write error: Broken pipe]
KeiraT has joined #nixos-security
andi- has quit [Ping timeout: 256 seconds]
andi- has joined #nixos-security
andi- has quit [Quit: WeeChat 2.8]
andi- has joined #nixos-security
andi- has quit [Excess Flood]
andi- has joined #nixos-security
tilpner_ has joined #nixos-security
tilpner has quit [Remote host closed the connection]
tilpner_ is now known as tilpner
justanotheruser has quit [Ping timeout: 250 seconds]
justanotheruser has joined #nixos-security
anselmolsm has quit [Remote host closed the connection]
anselmolsm has joined #nixos-security