this post was submitted on 25 Jun 2023
13 points (100.0% liked)

nixos

1262 readers
3 users here now

All about NixOS - https://nixos.org/

founded 4 years ago
13
Who makes Nix packages? (lemmy.ml)
submitted 1 year ago by [email protected] to c/[email protected]
9 comments fedilink hide all child comments
 

I'm new to Nix and wanted to get my feet wet by using the Nix package manager. However, I wasn't sure how these packages were made. Are these packaged by the community? Who do I need to "trust" when installing these packages? In general, I was looking for info on how nix packages are made and maintained.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago

I didn't find anything concrete, but it seems that a package is automatically marked insecure if it has a dependency that has a known CVE. I wonder how that is done.