GitHub have diagnosed and fixed the primary remaining cause of replication issues. Apparently, our diligent r-ryantm bot was causing replication issues because the API to open PRs did not automatically sync Git objects from a fork to the shared Nixpkgs fork network repository. This was something that affected repositories all over GitHub, and has now been fixed on their backend.
GitHub confirmed that they consider the scalability issues resolved and we donāt have any more scheduled calls with them, although we will keep the point of contact available and they will get in touch if anything comes up. We also have the merge conflict label job running again.
Weāre looking at creating a formal team around package provenance and SBOMs. This team would be delegated authority and responsibility to work on a design and implementation to improve Nixpkgs security and assist vulnerability tracking without unduly burdening maintainers, impacting performance, or letting tricky dependencies like those hidden inside fixedāoutput derivations fall through the cracks. Weāve already reached out to some prospective candidates, but invite anyone else interested in working on this upstream in Nixpkgs to reach out.
Oh this is why Iām suddenly subscribed to all kinds of bullshit marketing mailing lists from GitHub? Lol I thought I clicked something by accident. Can we make sure we bulk unsubscribe everyone somehow? I unsubscribed myself now but would be nice to not spam people with marketing
Have already posted updates about this on Matrix but should probably mention here as well: weāve been in contact with GitHub about the marketing emails. They are on board with not sending them to open source projects. Theyāre working on it but do not have an immediate fix.
Iām getting about one email per day, to each my email addresses in GitHub (about 20 in total).
Iāve unsubscribed from all marketing emails in my address settings (which you have to do on a per-address basis), however that seems to be ignored.
Nor are the unsubscribe links in the emails working, those all lead to pages with 404 errors.
The same is true for the link in the List-Unsubscribe header.
And unsubscribing using the email address in that header also doesnāt seem to work.
The ānuclear optionā that should actually solve this problem is leaving the Enterprise.
Letās see whether that actually stops them from sending me unsolicited emails.
I actually reached out to GitHub support about this because Iām in the same situation: I have unsubscribed manually from all my emails, and the unsubscribe link returns 404.
Got this as a reply (which is how I figured out it was because of NixOS):
Thanks for reaching out to GitHub Support. Iām sorry to hear about those unwanted emails. I believe that these are āonboardingā emails sent to admins in new accounts, which in you case appears to be the NixOS organization. We have heard from other members of the NixOS organization and well and are looking into this. As for unsubscribing, were you trying to do this from a mobile device? We have heard from other users that the mobile unsubscribe link returns a 404, but the same link on desktop will work. If you are unable to unsubscribe still let me know and I can forward the request to unsubscribe all of your email addresses.
Iāve asked them to unsubscribe me manually, letās see if that works on my case.
Leaving the enterprise didnāt help.
I received additional unsolicited email today.
Given that Iām by no means an admin of the NixOS org / enterprise, so I donāt know why I would get any onboarding emails that are sent to admins.
I tried unsubscribing on desktop, that doesnāt help.
How did you contact github support?
I didnāt find a way to actually reach them.
If you want to go even more nuclear you can write an email to github support and mention the CAN-SPAM act and reporting them to the FTC. Itās not very polite but when unsubscribe links donāt work sometimes itās your only option.
