Jitsi-meet is marked as insecure by NixOS and cannot be installed without passing export NIXPKGS_ALLOW_INSECURE=1

[amalgame21]

What happened?

https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/olm/default.nix#L30-L75

https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/jitsi-meet/default.nix#L37

Platform

• Chrome (or Chromium based)
• Firefox
• Safari
• Other desktop browser
• Android browser
• iOS browser
• Electron app
• Android mobile app
• iOS mobile app
• Custom app using a mobile SDK

Browser / app / sdk version

jitsi-meet-1.0.7952

Relevant log output

No response

Reproducibility

• The problem is reproducible on meet.jit.si

More details?

No response

[saghul]

IMHO that's too harsh from Nix. There are no known explots to those CVEs.

At any rate problem here is that there is no direct path for migrating from Olm to Vodozemac because the JS bindings are unmaintained: matrix-org/vodozemac-bindings#9

We are currently evaluating what to do here.

[amalgame21]

Thank you for your effort!