Nixpkgs supply chain security project

Work on the Nixpkgs security tracker continues: In the next couple of months, @yannham @florentc from Tweag will implement publishing and configuring notifications for package maintainers and Nixpkgs users. The goal is to get the system closer to continuously running in production. @erethon will support us by making the deployment more robust and self-contained. See the notifications milestone for details on the scope, and the project board for more information on current progress.

Early feedback welcome! I’ll post updates here when there’s something notable to play around with.

This is part of a larger effort on improving supply chain security in Nixpkgs, which also involves activities by @infinisil @YorikSar @balsoft.
