[Nix-dev] [***SPAM***] Nixpkgs-Monitor service is online

Michael Raskin 7c6f434c at mail.ru
Fri Nov 1 17:55:32 CET 2013


>I'd like to unveil this new service, which will hopefully help us keep Nix stuff fresh and 
>secure: http://vdmvtkitqc3grub6.onion.to/
>
>This is a yesterday's scan result, it may go offline for 5-30 minutes several times per day 
>as I'm working on improving it.

Do you plan to publish the scripts so anyone would be able to run 
a quick check on a few packages locally?

I abandoned my plans to integrate a couple of distribution auto-updaters
(Debian, Gentoo) with NixPkgs precisely because they need some remote 
server to work.

>I'd like some feedback and suggestions.
>
>The ultimate goal of this project is not only make us more efficient and make you all drop 
>your custom updater scripts in favor of this tool.

If you want anyone to drop updater scripts, you need your service to be 
able to write updated expressions…

>I wanted to identify the dark corners of nixpkgs which lack developer attention. Coverage 
>and maintainer reports are a part of this plan. Other parts should be completed by the 
>weekend. I'll write about it in another email.

What is coverage? Coverage by nixos tests? Because I am not sure now…

Also, I think even my update-walker update script has a more predictable
version comparison (1.0.1c vs 1.0.1e) than your current CVE checker, but
having any CVE checker is great in any case, thanks for implementing 
this.





More information about the nix-dev mailing list