Security page on nixos.org is outdated


#1

The security page is out of date. It links to a dead google group and does not link to this page itself, the IRC, nor the GitHub under the security tag.

This outdated security page presents NixOS as insecure at first glance, making it less defensible industrially, regardless of the quality of the NixOS security community. Recommendation is to update the two sentences on the page to accurately reflect the current state of NixOS security.

tl;dr A dead google group is not a good look. Linking here and to the GitHub from the security page will better reflect the quality of NixOS security.


#2

When I tried to send a message to the security team recently, I found that one of the keys had been revoked, too.


#3

I’ve opened https://github.com/NixOS/nixos-homepage/issues/251 to track
these two issues.

Feel free to send in a PR fixing that with better wording :slight_smile:


#4

Which key was broken?


#5