[Nix-dev] [***SPAM***] Nixpkgs-Monitor service is online

[Michael Raskin]

>I'd like to unveil this new service, which will hopefully help us keep Nix stuff fresh and 
>secure: http://vdmvtkitqc3grub6.onion.to/
>
>This is a yesterday's scan result, it may go offline for 5-30 minutes several times per day 
>as I'm working on improving it.

Do you plan to publish the scripts so anyone would be able to run 
a quick check on a few packages locally?

I abandoned my plans to integrate a couple of distribution auto-updaters
(Debian, Gentoo) with NixPkgs precisely because they need some remote 
server to work.

>I'd like some feedback and suggestions.
>
>The ultimate goal of this project is not only make us more efficient and make you all drop 
>your custom updater scripts in favor of this tool.

If you want anyone to drop updater scripts, you need your service to be 
able to write updated expressions…

>I wanted to identify the dark corners of nixpkgs which lack developer attention. Coverage 
>and maintainer reports are a part of this plan. Other parts should be completed by the 
>weekend. I'll write about it in another email.

What is coverage? Coverage by nixos tests? Because I am not sure now…

Also, I think even my update-walker update script has a more predictable
version comparison (1.0.1c vs 1.0.1e) than your current CVE checker, but
having any CVE checker is great in any case, thanks for implementing 
this.