Hasnep · September 11, 2024 14:42
diff --git a/fluffychat.txt b/fluffychat.txt
 error: Package ‘fluffychat-linux-1.20.0’ in /nix/store/20yis5w6g397plssim663hqxdiiah2wr-source/pkgs/applications/networking/instant-messengers/fluffychat/default.nix:41 is marked as insecure, refusing to evaluate.


       Known issues:
        - The libolm end‐to‐end encryption library used in many Matrix
       clients and Jitsi Meet has been deprecated upstream, and relies
       on a cryptography library that has known side‐channel issues and
       disclaims that its implementations are not cryptographically secure
       and should not be used when cryptographic security is required.

       It is not known if the issues can be exploited over the network in
       practical conditions. Upstream does not believe such an attack is
       feasible, but has stated that the library should not be used going
       forward, and there are no plans to move to another cryptography
       implementation or otherwise further maintain the library at all.

       You should make an informed decision about whether to override this
       security warning, especially if you critically rely on end‐to‐end
       encryption. If you don’t care about that, or don’t use the Matrix
       functionality of a multi‐protocol client depending on libolm,
       then there should be no additional risk.

       Some clients are investigating migrating away from libolm to maintained
       libraries without known vulnerabilities.

       For further information, see:

       * The CVE records for the known vulnerabilities:

         * CVE-2024-45191
         * CVE-2024-45192
         * CVE-2024-45193

       * The libolm deprecation notice:
         <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/README.md#important-libolm-is-now-deprecated>

       * The warning from the cryptography code used by libolm:
         <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/lib/crypto-algorithms/README.md>

       * The blog post disclosing the details of the known vulnerabilities:
         <https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/>

       * The statement about the deprecation and vulnerabilities from the
         Matrix.org Foundation:
         <https://matrix.org/blog/2024/08/libolm-deprecation/>

       * A (likely incomplete) aggregation of client tracking issue links:
         <https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802>
	error: Package ‘fluffychat-linux-1.20.0’ in /nix/store/20yis5w6g397plssim663hqxdiiah2wr-source/pkgs/applications/networking/instant-messengers/fluffychat/default.nix:41 is marked as insecure, refusing to evaluate.


	Known issues:
	- The libolm end‐to‐end encryption library used in many Matrix
	clients and Jitsi Meet has been deprecated upstream, and relies
	on a cryptography library that has known side‐channel issues and
	disclaims that its implementations are not cryptographically secure
	and should not be used when cryptographic security is required.

	It is not known if the issues can be exploited over the network in
	practical conditions. Upstream does not believe such an attack is
	feasible, but has stated that the library should not be used going
	forward, and there are no plans to move to another cryptography
	implementation or otherwise further maintain the library at all.

	You should make an informed decision about whether to override this
	security warning, especially if you critically rely on end‐to‐end
	encryption. If you don’t care about that, or don’t use the Matrix
	functionality of a multi‐protocol client depending on libolm,
	then there should be no additional risk.

	Some clients are investigating migrating away from libolm to maintained
	libraries without known vulnerabilities.

	For further information, see:

	* The CVE records for the known vulnerabilities:

	* CVE-2024-45191
	* CVE-2024-45192
	* CVE-2024-45193

	* The libolm deprecation notice:
	<https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/README.md#important-libolm-is-now-deprecated>

	* The warning from the cryptography code used by libolm:
	<https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/lib/crypto-algorithms/README.md>

	* The blog post disclosing the details of the known vulnerabilities:
	<https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/>

	* The statement about the deprecation and vulnerabilities from the
	Matrix.org Foundation:
	<https://matrix.org/blog/2024/08/libolm-deprecation/>

	* A (likely incomplete) aggregation of client tracking issue links:
	<https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802>