Just a heads-up, all your links to your Flakehub pages for the package sets in the article are effectively 404s.
I suspect the links are correct, but that they need additional authorization to see.
Are there any more details than what’s in the post on those pages?
That’s a good point re: auth for those links. That’s a silly oversight and I’ll change those URLs. They’re just links to flake landing pages like this: FlakeHub.
I know nothing about requirements such as SOC 2 Type II (or whatever the correct spelling is) and I can only imagine the cost of tending to supply chain security for a large company with a product that “matters”. It seems like DetSys has been working towards unblocking the adoption of Nix for players that can benefit a lot from it and end up contributing upstream.
Unless we want Nix to be our little secret, I think we should applaud DetSys for their efforts and wish them good fortune.
Cool! Definitely think there’s room for an enterprise-targeted binary cache that can ship out security patches more quickly. The monorepo model + finite build infra definitely makes this a pain point.
I missed this in Jan, but at that time @grahamc responded that the plan would be to upstream security patches when possible in order to reduce the downstream burden of maintaining a large patchset.
I was trying to learn more about that effort but a quick search didn’t reveal an obvious github account used for this or some other method of following this. I was thinking I could find something like the NixOS nixpkgs-security bot, but for PRs.
Not sure if I just missed something - is there such an account or somewhere users can learn more about the status of this work?
Cool! Is it possible to build a NixOS system based on determinate secure packages?
Yes! Everything necessary for a baseline NixOS system is in our covered package set.