Remediating thousands of untracked security vulnerabilities in nixpkgs
- Track: Nix and NixOS devroom
- Room: H.1302 (Depage)
- Day: Sunday
- Start: 10:30
- End: 10:55
Through vendoring, many packages in nixpkgs end up including obsolete and vulnerable versions of their dependencies. This is especially prevalent for Rust, Go, JavaScript, Java and .NET software using strict lockfiles. How bad is the current situation really? What can nixpkgs contributors do to improve it?
Speakers
- Pierre Bourdon (delroth)