[Nix-dev] [***SPAM***] Nixpkgs-Monitor service is online

[phreedom at yandex.ru]

Hi comrades,

I'd like to unveil this new service, which will hopefully help us keep Nix stuff fresh and 
secure: http://vdmvtkitqc3grub6.onion.to/

This is a yesterday's scan result, it may go offline for 5-30 minutes several times per day 
as I'm working on improving it.

I'd like some feedback and suggestions.

The ultimate goal of this project is not only make us more efficient and make you all drop 
your custom updater scripts in favor of this tool.

I wanted to identify the dark corners of nixpkgs which lack developer attention. Coverage 
and maintainer reports are a part of this plan. Other parts should be completed by the 
weekend. I'll write about it in another email.

The current todo/known issues:
* vulnerability report has quite some noise. CVE data is not pretty and the code was tuned 
to get close to zero false negatives, so some false positives are inevitable.
* packages with weird tarballs like zip which cause eg version 232 to be suggested instead 
of 2.32
* gentoo and its 99999 versions
* support for multiple versions of the same package in nixpkgs, eg linux, kde
* support for branches, eg don't suggest linux 3.12 as an upgrade to linux 3.2
* add bindings  for nix and use them to extract meta.repositories.git, branch info and 
otherwise just speed things up.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20131101/798d599d/attachment.html