Cool! Definitely think there’s room for an enterprise-targeted binary cache that can ship out security patches more quickly. The monorepo model + finite build infra definitely makes this a pain point.
I missed this in Jan, but at that time @grahamc responded that the plan would be to upstream security patches when possible in order to reduce the downstream burden of maintaining a large patchset.
I was trying to learn more about that effort but a quick search didn’t reveal an obvious GitHub account used for this or some other method of following this. I was thinking I could find something like the NixOS nixpkgs-security bot, but for PRs.
Not sure if I just missed something - is there such an account or somewhere users can learn more about the status of this work?