Remediating thousands of untracked security vulnerabilities in nixpkgs
- Track: Nix and NixOS devroom
- Room: H.1302 (Depage)
- Day: Sunday
- Start: 10:30
- End: 10:55
- Video only: h1302
- Chat: Join the conversation!
Through vendoring, many packages in nixpkgs end up including obsolete and vulnerable versions of their dependencies. This is especially prevalent for Rust, Go, JavaScript, Java and .NET software using strict lockfiles. How bad is the current situation really? What can nixpkgs contributors do to improve it?
Speakers
 |
Pierre Bourdon (delroth) |