Getting rid of piled up security PRs

Hey all,

I’ve recently got merge rights and I’m planning to use my newly-gained powers to get on top of the security PR backlog. Stuck security fixes don’t provide value for our users and frustate the authors.

As my time is limited, I should be by no means the only person merging security PRs of course. Ad-hoc coordination takes place in #nixos-security on IRC.

I would be glad when also devs without merge right could help out. I’d encourage everyone to do independent reviews. Try out a patched version and comment your findings on the issue. This can significantly speed up the process.

Let’s make NixOS a distribution which delivers security fixes timely. :slight_smile: