How are packages marked as insecure? I assume that’s from some sort of automatic build process? Is that done in Hydra (https://hydra.nixos.org/)? Or is that from manual, or a lack of manual review?
- 1 Post
- 2 Comments
Joined 4 years ago
Cake day: February 22nd, 2021
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I didn’t find anything concrete, but it seems that a package is automatically marked insecure if it has a dependency that has a known CVE. I wonder how that is done.