Chris Marusich writes:

> Christopher Baines writes:
>
>> In terms of looking at security from a project perspective, I'm thinking
>> about these kinds of needs/questions:
>>
>> - What security issues affect this revision of Guix? (latest or otherwise)
>>
>> - How do Guix contributors find out about new security issues that
>>   affect Guix revisions they're interested in?
>>
>> From the user perspective, I want to look at things like:
>>
>> - How do I find out what (if any) security issues affect the software
>>   I'm currently running (through Guix)?
>>
>> - How can I get notified when a new security issue affects the software
>>   I'm currently running (through Guix)?
>>
>> Please let me know if you have any comments or questions!
>
> I think this is a great plan! The last two points in particular are
> particularly useful, I think.
>
> Everyone needs security. I think Guix is in a unique position where it
> is so easy to modify packages that (in theory, at least) anyone who
> cares can figure out how to submit a change to upgrade and fix security
> vulnerabilities.
>
> People and companies are more likely to go out of their way to fix
> packages they care about. Therefore, making it easy to identify
> vulnerabilities in specifically the packages they care about, and making
> it easier to get involved in the community to fix them, are important
> goals.

Cool :)

While it's not directly security related, I really want the
subscriptions functionality I'm planning to work on to be done so that
people can subscribe to things related to the packages they use, like
new versions becoming available, or the build breaking for example, as
that might help people stay involved.

Chris