supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-security
immae has joined #nixos-security
rajivr has joined #nixos-security
kalbasit_ has quit [Ping timeout: 240 seconds]
ris has quit [Ping timeout: 240 seconds]
justanotheruser has quit [Ping timeout: 264 seconds]
justanotheruser has joined #nixos-security
red[evilred] has joined #nixos-security
<red[evilred]>
Don't look now, but the vuln list is getting under control ;-)
<red[evilred]>
Stupid github question #1
<red[evilred]>
Is it possible for an issue owner to give someone permission to edit their comments or the title of the issue?
<red[evilred]>
(I'm guessing not)?
<lukegb>
hexa-: that CVE mostly is a result of a change in vulnerability policy on the containerd side IIUC, but using host networking is still broken :p
<red[evilred]>
I have about 250 or so left in my queue to triage
<red[evilred]>
but I've closed ~370 of them in the last week or so.
<red[evilred]>
so calling it a night
<red[evilred]>
(or should I say - morning? since it's 03:06 here
<red[evilred]>
)
<red[evilred]>
so - nn
<red[evilred]>
So far around half of the tickets I've looked at are out of date - meaning that packages got naturally bumped and the issues not referenced
<supersandro2000>
that sounds like a task we might want to code some automation around
<red[evilred]>
and a fair number of misvendored stuff
<red[evilred]>
I would agree
<supersandro2000>
yeah, I usually do not search for open issues about an PR
<red[evilred]>
I've automated the presentation, so I can see at a glance whether it's something that can close quick or not
<supersandro2000>
map the CVE to the fixed version and if the package is that version or newer close it with a link to the commit
<red[evilred]>
my biggest issue is when packagage name doesn't match ticket name or doesn't match pname or repology
<supersandro2000>
someone should do it ™️
<supersandro2000>
😂
<supersandro2000>
red[evilred]++
<{^_^}>
red[evilred]'s karma got increased to 1
<red[evilred]>
that was all awesome for 80% of the whole thing
<red[evilred]>
and I cleared all that out
<red[evilred]>
now I'm working on the weird 20%
<red[evilred]>
I just really wanted to get that queue down to a level where a human could look at it and not want to cry
<red[evilred]>
that's been my priority since joining this group
<red[evilred]>
I need to chat with ck or whoever is opening the vuln tickets
<red[evilred]>
I'm sure they're on here somewhere
<red[evilred]>
I may have a small request :-)
sgo has joined #nixos-security
stigo has quit [Ping timeout: 260 seconds]
sgo is now known as stigo
FRidh has joined #nixos-security
stigo has quit [Ping timeout: 246 seconds]
stigo has joined #nixos-security
FRidh has quit [Ping timeout: 272 seconds]
FRidh has joined #nixos-security
cole-h has quit [Ping timeout: 256 seconds]
FRidh has quit [Ping timeout: 246 seconds]
FRidh has joined #nixos-security
cole-h has joined #nixos-security
cole-h has quit [Ping timeout: 256 seconds]
sphalerite is now known as L1nuxH4ckerm4n
L1nuxH4ckerm4n is now known as sphalerite
FRidh has quit [Ping timeout: 246 seconds]
FRidh has joined #nixos-security
red[evilred] has quit [Quit: Idle timeout reached: 10800s]
FRidh has quit [Ping timeout: 256 seconds]
FRidh has joined #nixos-security
KREYREEN has quit [Remote host closed the connection]
KREYREEN has joined #nixos-security
FRidh has quit [Ping timeout: 256 seconds]
FRidh has joined #nixos-security
FRidh has quit [Ping timeout: 260 seconds]
FRidh has joined #nixos-security
KREYREEN has quit [Remote host closed the connection]
__red__ has joined #nixos-security
KREYREEN has joined #nixos-security
<hexa->
lukegb: fwiw: I was kindly asking for some to look into that :P