I’m new to Nix and wanted to get my feet wet by using the Nix package manager. However, I wasn’t sure how these packages were made. Are these packaged by the community? Who do I need to “trust” when installing these packages? In general, I was looking for info on how nix packages are made and maintained.

  • agile_squirrelOP
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I didn’t find anything concrete, but it seems that a package is automatically marked insecure if it has a dependency that has a known CVE. I wonder how that is done.