gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
kleisli has joined #nixos-security
hmpffff_ has joined #nixos-security
hmpffff has quit [Ping timeout: 260 seconds]
LnL has quit [Ping timeout: 260 seconds]
LnL has joined #nixos-security
LnL has joined #nixos-security
FRidh has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
FRidh has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff_ has quit [Ping timeout: 240 seconds]
kgz is now known as kz
kz is now known as kgz
hmpffff_ has joined #nixos-security
hmpffff has quit [Ping timeout: 260 seconds]
anselmolsm has joined #nixos-security
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
tokudan has quit [Remote host closed the connection]
tokudan has joined #nixos-security
<tokudan> broken.sh seems to have stopped updating, for unstable it's currently showing a commit date 2020-02-27 10:34:00 UTC... end of february
<hexa-> andi-:
<andi-> grml
<hexa-> Nay, nix
<andi-> It is clearly still alive and wasting many CPU cycles..
<andi-> it clearly has caught up to ab3adfe1c769c22b6629e59ea0ef88ec8ee4563f (latest 20.03 channel revision).. unclear why the interface doesn't show that
<andi-> actually it does.. tokudan https://broken.sh/channels/nixos-20.03
<andi-> but unstable is kinda stuck on februrary, interesting
<tokudan> yep, that's what i was looking at :)
<tokudan> anyway, I'll just pick a random one from 20.03, as I've had so much luck with p7zip last time :)
<andi-> happy hunting :)
<andi-> One thing about unstable that could become problematic in the long run is the time it takes to go through all the previous channel revisions..
<andi-> It takes about ~1min per revision
<andi-> apparently the git workdir is dirty at some random point in time.. I thought I would be resetting them
<andi-> tokudan: ping me if by tomorrow it hasn't caught up
<tokudan> andi-, will do, thanks for your work :)
<tokudan> i seem to have a knack for this... or a huge amount of software just isn't maintained anymore. libid3tag latest release is from 2004 and has three unfixed CVEs in that release. just denial of service though.
<andi-> Yeah
<andi-> I feel sorry for not having documented many of these cases.. I went through many of them for 2-3times (wiht months inbetween) without noticing I already did that work.. Taking notes is crucial.
<tokudan> probably a good time to start a thread on discourse regarding the status of packages and when we consider a package to be vulnerable
justanotheruser has quit [Quit: WeeChat 2.7.1]
justanotheruser has joined #nixos-security
<andi-> tokudan: thanks, I also just did two changes to broken.sh... For whatever reason I wasn't using the existing package cache that I create whenever I eval a revision for the first time.. It was always computing a bunch of stuff that never changes..
anselmolsm has quit [Remote host closed the connection]
MichaelRaskin has quit [Ping timeout: 256 seconds]
anselmolsm has joined #nixos-security
anselmolsm has quit [Ping timeout: 240 seconds]
anselmolsm_ has joined #nixos-security
MichaelRaskin has joined #nixos-security
justanotheruser has quit [Ping timeout: 260 seconds]
justanotheruser has joined #nixos-security