after having quite a bit of discussion here in discourse, on NixCon and in IRC I’d try a different ticket format. Vulnerability roundup 51 is split in 6 tickets:
- https://github.com/NixOS/nixpkgs/issues/49784 (binutils)
- https://github.com/NixOS/nixpkgs/issues/49785 (libtasn1)
- https://github.com/NixOS/nixpkgs/issues/49786 (libtiff)
- https://github.com/NixOS/nixpkgs/issues/49787 (ncurses)
- https://github.com/NixOS/nixpkgs/issues/49788 (openjpeg)
- https://github.com/NixOS/nixpkgs/issues/49789 (samba)
Each ticket is intended to track updating, patching and backporting of that specific package independently.
I’m not sure if that is an improvement compared to the old roundups (all in one large ticket), so I’m glad to hear everyone’s opinions on this.
- Scales better. The goal is to have many people working on security in parallel.
- Track updating/patching/backporting independently per package.
- Per-package discussion about patch availability etc.
- More tickets. It will be harder to keep an overview.