[Nix-dev] Secure NixOS
phreedom at yandex.ru
Mon Dec 7 16:12:37 CET 2015
On Monday, December 07, 2015 11:14:14 zimbatm wrote:
> (2) might be a bit difficult. I'm not sure NixOS has enough popularity yet
> to gather that kind of funding. Also it means going into politics for
> example to decide which set of packages are security-supported. That being
> said, we could go a long way towards point 2 by having the scraper notify
> the package maintainer by email. Having people scan the CVEs is redundant
> and should be automated away. Personally I know that if I got an email I
> would probably package the new version the same day.
We already had an equivalent. Although it's currently down, I will hopefully
resurrect it soon. You could add yourself to the maintainer list of the set of packages
you're interested in, and get an RSS feed from the automated CVE matching
service. Also, you have to realise that CVE matching is very imprecise, and to get
very little (but still not zero) false negatives, you have to live with a rather large
number of false positives.
-- Evgeny
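The trade-off Evgeny describes, as an added illustration (not code from the thread or from the nix-dev CVE service): a toy matcher run over constructed CVE records and Nix-style packages, comparing a strict product-name test with a loose one. The CVE ids, package names and versions are constructed placeholders.

```python
"""Toy CVE-to-package matcher (added example, not from the nix-dev thread).
Loosening the product-name test catches renamed packages (fewer false
negatives) but also drags in unrelated packages (more false positives)."""
import re

# Constructed sample CVE records: (cve_id, product, first_fixed_version).
# The ids are placeholders, not real advisories.
SAMPLE_CVES = [
    ("CVE-0000-0001", "openssl", "1.0.1q"),
    ("CVE-0000-0002", "python", "2.7.11"),
    ("CVE-0000-0003", "libpng", "1.2.55"),
]

# Constructed sample packages: (nix attribute, pname, version).
SAMPLE_PACKAGES = [
    ("openssl", "openssl", "1.0.1p"),        # affected: 1.0.1p < 1.0.1q
    ("openssl_1_0_2", "openssl", "1.0.2e"),  # newer branch, not affected
    ("python27", "python", "2.7.10"),        # affected
    ("pythonPackages.requests", "python-requests", "2.7.0"),  # unrelated
    ("libpng12", "libpng12", "1.2.54"),      # affected, but pname != product
]

# Ground truth for the constructed sample, used to count errors per mode.
TRULY_AFFECTED = {("CVE-0000-0001", "openssl"),
                  ("CVE-0000-0002", "python27"),
                  ("CVE-0000-0003", "libpng12")}

def version_key(version):
    """'1.0.1p' -> comparable tuple; numbers sort numerically, letter
    suffixes sort after numbers (good enough for this demo)."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", version))

def match(cves, packages, loose):
    """Return sorted (cve_id, attr) pairs. Strict mode requires pname ==
    product; loose mode accepts any pname containing the product name."""
    hits = set()
    for cve_id, product, fixed in cves:
        for attr, pname, version in packages:
            name_ok = product in pname if loose else pname == product
            if name_ok and version_key(version) < version_key(fixed):
                hits.add((cve_id, attr))
    return sorted(hits)

def evaluate(loose):
    """Return (false_negatives, false_positives) for one matcher mode."""
    hits = set(match(SAMPLE_CVES, SAMPLE_PACKAGES, loose))
    return len(TRULY_AFFECTED - hits), len(hits - TRULY_AFFECTED)
```

On this sample `evaluate(False)` returns (1, 0) and `evaluate(True)` returns (0, 1): the strict matcher misses libpng12 because its pname differs from the CVE product, while the loose matcher catches it but also flags python-requests.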