Nixpkgs-update partners with Serokell and NLNet to add CVE reporting

I am excited that Serokell, the NLNet Foundation through their Next Generation Internet Zero Discovery initiative (NGI0 Discovery), and I have partnered on the project of adding CVE reporting to nixpkgs-update. NGI0 Discovery is made possible with financial support from the European Commission.

We will be working on adding a report to each new update proposal that indicates if the update fixes (or introduces) security issues known to the Common Vulnerabilities and Exposures (CVE) system.

If you are also interested in supporting nixpkgs-update development and infrastructure, please consider contributing on Patreon.


Failed approach to add types to Nix raised $3k in few days, and working updater got $0…
It seems like people are willing to pay for empty promises than to something real.

Hi, Volth.

I appreciate your support of and concern for nixpkgs-update! That Patreon page is new and wasn’t the main point of the post. It looks like only 10 people have clicked through to it so far. I don’t think this one link is close to comparable to the marketing done by the adding types project. In the future, I’ll do a dedicated fundraiser that I announce more broadly.

- Ryan

1 Like