Getting rid of piled up security PRs

Hey all,

I’ve recently got merge rights and I’m planning to use my newly-gained powers to get on top of the security PR backlog. Stuck security fixes don’t provide value for our users and frustate the authors.

As my time is limited, I should be by no means the only person merging security PRs of course. Ad-hoc coordination takes place in #nixos-security on IRC.

I would be glad when also devs without merge right could help out. I’d encourage everyone to do independent reviews. Try out a patched version and comment your findings on the issue. This can significantly speed up the process.

Let’s make NixOS a distribution which delivers security fixes timely. :slight_smile:


I underestimated how much work it is. The pile is still there, but we’re making progress. :slight_smile:

What really seems to have improved is that more people make comments like “I tried it” or “I can confirm”. They may look little, but is a great help for maintainers. So please keep up. We’re getting on top of this.