Since I had decided to give NixOS a try for a server and some others, I started checking security issues on Nixpkgs. Then I found that some of the vulnerability roundups are no longer relevant or covered by newer ones. Some examples:
- Vulnerability roundup 58: libsass-3.5.5: 3 advisories:
- Vulnerability roundup 61: flex-2.6.4: 1 advisory:
- Is triaging such cases on the issue tracker helpful for the security team and the whole community, or is it just noise?
- If it is desired, which is better for reporting, commenting on each issue, or a Discourse topic?