Nixpkgs-update looking for European collaborator


nixpkgs-update automates the updating of software packages in the nixpkgs software repository. It is a Haskell program. In the last year, about 5000 package updates initiated by nixpkgs-update were merged.

Earlier this year, I applied for a funding under the EU Next Generation Internet initiative to improve nixpkgs-update:

My proposal (which has not been approved yet) is to add report of CVEs fixed by an update to each pull request made by nixpkgs-update. The proposal committee likes the idea, but their requirements make it easier to fund proposals that have participants in Europe, and I am located in the USA.

I am looking for someone who:

  • is based in Europe
  • has some Haskell experience
  • has some nixpkgs experience

If the proposal is approved, I would be working closely with whomever participates. Pay would be based on time worked. If you are interested in participating, please email me (ryan at ryantm dot com).

If you have any questions about the job or proposal, please feel free to reply below!

- Ryan



Not sure whether you may have been contacted in private by now. The Flying Circus is based in Germany so formally we’d qualify. The topic is also quite interesting to as as we maintain longer lived stabled branch(es) of the nixpkgs repository for our work and are looking for ways to streamline the work for that. We also work on the Vulnix utility which has an interest in being informed about CVEs that are fixed in packages …

However, we’re a bit tight on time currently so even though I could imagine offering a partnership, I don’t have a person around that could help (also, our zoo of languages doesn’t actively involve Haskell at the moment :wink: ).

If you like to talk I’m happy to help bouncing ideas around. I could also imagine that we could employ someone part time (or maybe freelance) to help with getting funding.

Hi, @ctheune.

(Sorry for the slow reply, my whole family, including me, have been sick for a week.)

Thanks for your interest and your support of Vulnix! It is one of the tools I said I would investigate as part of the project. As we get a more concrete design or prototype for reporting CVEs, we’ll send what we have over to you so you or your team can take a look!

As for helping with the implementation, I believe I have an appropriate and interested party lined up. People who are interested in working on the project should still email me though, because we haven’t finalized anything yet.


Sure, let me know if that doesn’t work out …

Update: I have found a European collaborator. Probably we’ll have more to announce in a couple weeks.