I’ve recently got merge rights and I’m planning to use my newly-gained powers to get on top of the security PR backlog. Stuck security fixes don’t provide value for our users and frustate the authors.
As my time is limited, I should be by no means the only person merging security PRs of course. Ad-hoc coordination takes place in #nixos-security on IRC.
I would be glad when also devs without merge right could help out. I’d encourage everyone to do independent reviews. Try out a patched version and comment your findings on the issue. This can significantly speed up the process.
Let’s make NixOS a distribution which delivers security fixes timely.