Hi, I’m completely new to Nixos, so please excuse my ignorance
but, what is the policy regarding cve or security issues in the stable release of NixOS 19.09? Are fixes backported or is the package upgraded to the next release?
I noticed cupsd is on version 2.2.12, while in December version 2.2.13 was released with a security fix (CVE-2019-2228). But, I did not see this in the list mentioned above.
(I split your question into its own topic.)
The previous stable version is usually supported with backports (security or otherwise) for about 1 month after the latest stable version release. That said, it is a community effort to do the backports, we don’t have anyone working on it full time or anything.
Is the question about what to do with the 19.09 package?
I’d say option 2. has low enough chance of breaking anything and doesn’t require much work so I’d go with that. Though I’m quite new here too so someone more experienced please correct me if that’s not right.