andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: + | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)
ris has quit [Ping timeout: 244 seconds]
__red__ has quit [Remote host closed the connection]
__red__ has joined #nixos-security
<__red__> nn
zarel_ has joined #nixos-security
zarel has quit [Ping timeout: 258 seconds]
ninjin has quit [Remote host closed the connection]
ninjin has joined #nixos-security
FRidh has joined #nixos-security
ris has joined #nixos-security
MichaelRaskin has joined #nixos-security
<ehmry> __red__ andi- hexa- MichaelRaskin pie_ : nixos-security chat on Wednesday the 11th at 18:00 UTC? (19:00 CET, 13:00 EST)
<hexa-> wfm
<andi-> ehmry: yeah, where and what are the topics? I'd like to avoid just a chat into the void without any actionable outcome.
<hexa-> ^
<ehmry> we are probably going to talk about isolation
<ehmry> and exotic platforms, thats what it was last time
<MichaelRaskin> Works for me too. Not sure re: actionable outcomes, as my current position is «we need more flexibility to share the annoying stuff so that complicated experiments are annoying for good and not for bad reasons, which is RFCs#42 RFCs#78 and probably RFCs#67»
<{^_^}> (by Infinisil, 1 year ago, open): [RFC 0042] NixOS settings options
<{^_^}> (by 7c6f434c, 2 weeks ago, open): [RFC 0078] System-agnostic configuration file generators
<{^_^}> (by FRidh, 33 weeks ago, open): [RFC 0067] Common override interface derivations
<andi-> sorry but that sounds more like a bikeshedding meeting to me then.. I mean those are discussions to be had but I do not see myself attending just to hear from everyone how bad things are.. we must invest time to improve things.
<andi-> Also probably more a NixOS-Module-System discussion than a "security" focused thing.
<MichaelRaskin> I do not say that these are the topics I will push at the discussion
<MichaelRaskin> I more say that in the short-term I kind of know what improvements are to be done, and they are being worked on, so I do not bring anything actionable
<hexa-> Also not sure how exotic platforms are strictly security related
<hexa-> imo a thing that we need to talk about is: how to improve on (stateful) tracking of security issues
<gchristensen> +1 my inbox is not a good place for it
<MichaelRaskin> A restricted-access issue tracker that knows how to accept incoming Cc:?
<andi-> I think we do have way more issues than those that are restricted to take care of.
<andi-> The restricted set is just a (small/tiny) subset of it.
<gchristensen> +1
<andi-> Also as far as NixOS security goes I'd refuse to accept anything for Nix. Those aren't our business and we can't do *anything* about it anyway. It's eelco alone.
<gchristensen> that is certainly true today
<pie_> ehmry: downside of non weekend is some people might have to drop off, but lgtm i guess :D jpo seems like the deepest expert though? so we might want to make sure to accommodate him
<pie_> yeah i was kinda wondering what we could possibly do other than saying everything sucks x) , im down either way though
<ehmry> i thought security breakout room from before was pretty constructive, but I don't think there was any plan to it
<ehmry> and nixos-modules is something that I'd like to talk about also
<ehmry> its not bikeshedding if the meeting is only about bike sheds :)
<infinisil> ehmry: What's nixos-modules?
<infinisil> (or is that just NixOS modules?)
<ehmry> infinisil: by nixos-modules I mean RFCs#78
<{^_^}> (by 7c6f434c, 2 weeks ago, open): [RFC 0078] System-agnostic configuration file generators
<ehmry> or i think thats what MichaelRaskin means
<MichaelRaskin> I never said nixos-modules, though!
<MichaelRaskin> But yes, 78 was one of the things I meant in some of my statements
<hexa-> how is that related to security?
<hexa-> I feel like I'm missing context, I wasn't part of said breakout room.
<MichaelRaskin> Well, if you want aggressive isolation, at some point you end up with a setup where you don't want to just run NixOS-generated services, but do want NixOS-generated config files
<hexa-> rereading the rfc
<hexa-> that seems somewhat tangential to what I imagine as security
<hexa-> I'm all for configuration file abstractions, don't get me wrong. But I imagined something more related to the topic of this channel.
<hexa-> Which to me is security vulnerabilities/issues/support and sure, maybe also design
<ehmry> yea, its not really a security discussion, we will need to discuss a better name
<__red__> Good Morning
<__red__> speaking of the breakout room - were there any notes / logs?
<__red__> and looks like I have some RFCs to read
<pie_> ive been prodding puck to dump the logs for the security channel but its apparently not quite trivial and mostly just some links ended up in there
<pie_> it would be nice if we could get a decent transcript going but that requires someone to put in concerted effort so eh?
<__red__> I still feel completely disconnected from the group tbh
<__red__> so I'll probably gain something out of any meeting
<__red__> I feel the work that I'm doing is disconnected from everything else
<MichaelRaskin> hexa-++
<{^_^}> hexa-'s karma got increased to 12
<MichaelRaskin> I agree it is more #spectrum-side isolation than #nixos-security vulnerability management
rajivr has quit [Quit: Connection closed for inactivity]
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]