Would be cool to have processes and docs for post-mortems of malware entering nixpkgs. This would help visibility, and likely help convince management in situations like the OP’s (I expect the number of incidents to be very small).
1 Like