gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
davidtwco has quit [Read error: Connection reset by peer]
davidtwco has joined #nixos-security
midchildan has quit [Ping timeout: 268 seconds]
midchildan has joined #nixos-security
ris has quit [Ping timeout: 240 seconds]
justanotheruser has quit [Ping timeout: 240 seconds]
rajivr has joined #nixos-security
LnL- has joined #nixos-security
LnL- has joined #nixos-security
LnL has quit [Ping timeout: 260 seconds]
FRidh has joined #nixos-security
spookyscarysphal is now known as sphalerite
FRidh has quit [Remote host closed the connection]
FRidh has joined #nixos-security
ris has joined #nixos-security
ninjin has quit [Ping timeout: 240 seconds]
ninjin has joined #nixos-security
<andi-> What do you folks think about https://samy.pl/slipstream/ ? Shall we do something? Is there even something we can do? I personally just disabled all the ALGs by default (https://github.com/andir/infra/commit/606d33a32c4e895c8cb702dd8d88e6cecc27ca68).
FRidh has quit [Remote host closed the connection]
<gchristensen> I'm not sure we really can do much
<andi-> Well we have in other cases also decided to set certain defaults.
<gchristensen> yeah
<andi-> Because those seem sane compared to the upstream defaults
<andi-> That is mostly what I am asking here
<gchristensen> it is a pretty clever exploit
<danderson> personal opinion: NATs are not security devices. Therefore, this hack is cool, but working as intended. End-host firewalls would stop this attack just fine.
<danderson> disabling ALGs by default on routers might help a little bit, but honestly it's more likely to generate bug reports that VoIP is broken
<andi-> danderson: Yeah, I agree with that.
<andi-> I hope we see a few smart doormats with ransomware. Maybe that helps with awareness :D
FRidh has joined #nixos-security
zarco has joined #nixos-security
<__red__> concur
<__red__> the world needs more smart doormats
<__red__> :-)
tv has quit [Read error: Connection reset by peer]
tv has joined #nixos-security
<{^_^}> #102359 (by mweinelt, 20 seconds ago, open): openldap: add patch to fix nullptr dereference in slapd
FRidh has quit [Remote host closed the connection]
FRidh has joined #nixos-security
<pie_> nats are de facto security devices
<gchristensen> lol
<MichaelRaskin> st like red tape is de facto security device, it kind of separates an area, but never really protects it
<MichaelRaskin> *just
rajivr has quit [Quit: Connection closed for inactivity]
justanotheruser has joined #nixos-security
<__red__> There's no reason why I can't close duplicates right?
<__red__> as long as they cover the same CVEs / packages / repos
<pie_> maybe add a pointer to the other one
* pie_ is not a maintainer
<__red__> Right - that's what I was thinking
<hexa-> yes
<hexa-> in collaboration giving a "why" is very beneficial
<__red__> coolio
<__red__> I think I can knock a few off today then.
<__red__> bbiab
<hexa-> __red__++
<{^_^}> __red__'s karma got increased to 2
<__red__> hmm
<__red__> anyone know who/how/why only certain projects are listed in https://release-monitoring.org/distro/NixOS/?page=1
<__red__> ?
FRidh has quit [Ping timeout: 246 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]