gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
MichaelRaskin has quit [Quit: MichaelRaskin]
pie_ has joined #nixos-security
pie__ has quit [Ping timeout: 246 seconds]
vesper has joined #nixos-security
vesper11 has quit [Ping timeout: 265 seconds]
ddima has joined #nixos-security
__Sander__ has joined #nixos-security
__Sander__ has quit [Quit: Konversation terminated!]
qyliss has quit [Quit: bye]
qyliss has joined #nixos-security
qyliss has quit [Remote host closed the connection]
qyliss has joined #nixos-security
<ddima> I'd still appreciate some pointers or guidance on my question from two days ago.
<flokli> ddima: I think it's mostly a problem of actually receiving notifications for events on these issues.
<flokli> we might want to introduce a security-related group in nixpkgs, and have the vuln roundup tool automatically mention that group
<flokli> gchristensen: wdyt?
<flokli> ddima: for the time being, can you link the issues you're referring to?
<globin> ddima: also feel free to ping me for now on github
<ddima> flokli: that would be nice, if the group can shoulder the workload. an automatic tool is nice, but with its insufficiencies it becomes important to separate signal from noise quickly. more than with other prs/issues I find it a bit problematic when things pile up and complicate the overview - also makes it harder to effectively help out with this type of issue.
<ddima> Maybe it could also make sense to have a slightly less privileged group of contributors who can at least manage labels (via the triage permission in GH iirc) to proactively mark things as dups or fps without the trust required for a write access.
<ddima> globin: thanks! will do when I look at some more.