Security page on nixos.org is outdated

ekalosak · November 14, 2018, 2:45am

The security page is out of date. It links to a dead google group and does not link to this page itself, the IRC, nor the GitHub under the security tag.

This outdated security page presents NixOS as insecure at first glance, making it less defensible industrially, regardless of the quality of the NixOS security community. Recommendation is to update the two sentences on the page to accurately reflect the current state of NixOS security.

tl;dr A dead google group is not a good look. Linking here and to the GitHub from the security page will better reflect the quality of NixOS security.

qyliss · November 14, 2018, 9:17am

When I tried to send a message to the security team recently, I found that one of the keys had been revoked, too.

Ekleog · November 14, 2018, 12:36pm

I’ve opened Security page is outdated · Issue #251 · NixOS/nixos-homepage · GitHub to track
these two issues.

Feel free to send in a PR fixing that with better wording

ekalosak · November 15, 2018, 6:35am

Which key was broken?

qyliss · November 15, 2018, 9:42am

https://github.com/NixOS/nixos-homepage/issues/174