Find a more disctinctive name for "Nix security issue" #176

New issue

Open

opened 2024-09-23 10:07:00 +00:00 by fricklerhandwerk · 3 comments

fricklerhandwerk commented 2024-09-23 10:07:00 +00:00 (Migrated from github.com)

Copy link

Our main data object is what we currently call an "issue", but this is confusing if you don't know how the system works.

Really what it is is a record that maps a CVE to a Nixpkgs attribute set that encodes a package.

Come up with a better name to establish across the code and documentation.

Our main data object is what we currently call an "issue", but this is confusing if you don't know how the system works. Really what it is is a record that maps a CVE to a Nixpkgs attribute set that encodes a package. Come up with a better name to establish across the code and documentation.

fricklerhandwerk commented 2024-09-27 09:10:35 +00:00 (Migrated from github.com)

Copy link

What about:

• vulnerability record
• security ticket

What about: - vulnerability record - security ticket

erictapen commented 2024-10-01 12:36:47 +00:00 (Migrated from github.com)

Copy link

I'd like to find a name here, that describes our role in the data flow:

• We ingest CVEs
• enrich them with metadata like affected packages, comments, etc) if it seems relevant
• eventually turn it into a Nixpkgs GitHub issue if we are convinced they pose a security issue

At the same time it would be nice to have something that explains itself when seen in the wild without further context. So it should be obvious from first glance that it is about Nix and Security.

What comes to my mind here:

• Nix Security Hunch
• Nix Security Candidate
• Nix Security Suspect

I'd like to find a name here, that describes our role in the data flow: - We ingest CVEs - enrich them with metadata like affected packages, comments, etc) *if it seems relevant* - eventually turn it into a Nixpkgs GitHub issue *if we are convinced they pose a security issue* At the same time it would be nice to have something that explains itself when seen in the wild without further context. So it should be obvious from first glance that it is about **Nix** and **Security**. What comes to my mind here: - Nix Security Hunch - Nix Security Candidate - Nix Security Suspect

fricklerhandwerk commented 2025-04-29 09:20:16 +00:00 (Migrated from github.com)

Copy link

• tracker record ???

- tracker record ???

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

npins-auto-update

No results found.

Labels

Clear labels   

automation

  

backend

something the web server needs to provide the frontend with

  

bug

Something isn't working

  

contributor experience

  

data

something about quality or quantity of ingested data

  

deployment

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

nice to have

Nice to have, but not necessary for the time being

  

notifications

  

package maintainer

user story for package maintainers

  

performance

  

skin

Anything related to the visual presentation

  

tech debt

Activities that reduce tech debt

  

user story

description or implementation of a workflow

No labels

automation

backend

bug

contributor experience

data

deployment

documentation

duplicate

good first issue

help wanted

nice to have

notifications

package maintainer

performance

skin

tech debt

user story

Milestone

Clear milestone

No items

No milestone

Nice to have

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lix-community/nix-security-tracker#176

No description provided.