As a non-native speaker:
Security roundup does sound like a herbicide, which is good (we have
“Roundup” in France too)
Security survey sounds like a poll, which sounds weird
Security assessment and security review both sound like checking the
code of Nixpkgs, not of the packages defined by Nixpkgs
I don’t know what other distros call these, but Debian has Debian
Security Advisories that tell people what security updates have been
done, in the same way as most distros appear to have “*** Security
Advisory”. This is not the same as “unfixed vulnerabilities”, though.
TL;DR: as a non-native the one I find least surprising in the current
proposals is “Security roundup”: it doesn’t already have a meaning I’d
have to fight against.
But there’s maybe a way to find a better word?
Then, TBH I think the whole concept of vulnerability roundup is an issue
we have: vulnerabilities should be reported as they’re added and we
should either handle them (and send a Nixpkgs Security Advisory when
they’re fixed) or mark them as “not important” and stop caring about
them. Seen a nice talk from the Debian security team… but it’s in
French. If people are interested nevertheless, it’s at . I must say I
don’t remember all the details, but my current internet connection is
too slow for me to look at it again, so…