Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC 0127] Nixpkgs "problem" infrastructure #127

Merged
merged 25 commits into from
Jul 12, 2023
Merged

[RFC 0127] Nixpkgs "problem" infrastructure #127

merged 25 commits into from
Jul 12, 2023

Conversation

piegamesde
Copy link
Member

@piegamesde piegamesde commented Jun 11, 2022
edited
Loading

Rendered

Implementation PR

Matrix discussion room: #nixos-rfc-127:lossy.network

Pre-RFC discussion

Discussion notice: please try to attach all discussions to a thread by using the code review feature. If your comment doesn't refer a specific line to attach to, use the header line instead.

piegamesde added a commit to piegamesde/rfcs-1 that referenced this pull request Jun 11, 2022
@piegamesde
[RFC 0127] Nixpkgs issues and warnings (NixOS#127)
599ddf0
piegamesde added a commit to piegamesde/rfcs-1 that referenced this pull request Jun 11, 2022
@piegamesde
[RFC 0127] Nixpkgs issues and warnings (NixOS#127)
139b681
piegamesde added a commit to piegamesde/rfcs-1 that referenced this pull request Jun 11, 2022
@piegamesde
[RFC 0127] Nixpkgs issues and warnings (NixOS#127)
97f2e8f
@piegamesde piegamesde mentioned this pull request Jun 11, 2022
Open
13 tasks
piegamesde added a commit to piegamesde/rfcs-1 that referenced this pull request Jun 11, 2022
@piegamesde
[RFC 0127] Nixpkgs issues and warnings (NixOS#127)
ec27165
@edolstra edolstra changed the title [RFC 0127] Nixpkgs issues and warnings (#127) [RFC 0127] Nixpkgs issues and warnings Jun 15, 2022
@edolstra edolstra added status: open for nominations Open for shepherding team nominations and removed status: new labels Jun 15, 2022
@edolstra
Copy link
Member

This RFC is now open for shepherd nominations!

@lheckemann
Copy link
Member

I nominate myself as a shepherd for this RFC.

@edolstra edolstra mentioned this pull request Jun 15, 2022
Closed
22 tasks
@mweinelt
Copy link
Member

I will also nominate myself as shepherd.

@wamserma
Copy link
Member

widen the scope of names for auto-inferred kinds

I think given the existence of auto-inference, expanding the scope should be non-controversial enough to review as the implementation becomes technically ready for inclusion? Maybe mention in future work.

Definitely. We should just be careful to keep that path open in the RFC.

@mweinelt
Copy link
Member

mweinelt commented Jun 20, 2023
edited
Loading

Linking to NVD is not the best URL I could imagine. When it comes to security issues, advisories are often a far better understandable resource, than a central database that advertises CVSS scores, which are often so-so.

Hence, I don't think auto-referencing NVD is really important here.

@7c6f434c
Copy link
Member

Linking to NVD is not the best URL I could imagine. When it comes to security issues, advisories are often a far better understandable resource, than a central database that advertises CVSS scores, which are often so-so.

As NVD usually has more or less reasonable summary and links to better write-ups, I think auto-linking NVD when there is no better link provided is useful (and fetching their links is impure so can't be done within Nix).

@RaitoBezarius
Copy link
Member

Linking to NVD is not the best URL I could imagine. When it comes to security issues, advisories are often a far better understandable resource, than a central database that advertises CVSS scores, which are often so-so.

As NVD usually has more or less reasonable summary and links to better write-ups, I think auto-linking NVD when there is no better link provided is useful (and fetching their links is impure so can't be done within Nix).

I feel like this is security team's call to decide what to do on this and is tangent to this RFC though.
In some future, we could have our own security tracker and those would be naturally the goto URLs.

@piegamesde
Copy link
Member Author

The url field is an array for a reason. We can link to NVD and advisories and Nixpkgs-specific issues all at once.

About generating those automatically, I don't know. I'm not a fan of doing some fuzzy matching on inputs in general, and also is pasting in a link every blue moon really so much effort that it is worth automating away? (https://xkcd.com/1205/ says no)

@wamserma
Copy link
Member

Linking to NVD is not the best URL I could imagine. When it comes to security issues, advisories are often a far better understandable resource, than a central database that advertises CVSS scores, which are often so-so.

I agree with you on the quality statement. :)
My intention was that there should be at least a pointer to further resources when no URL is given.

@kevincox kevincox added status: FCP in Final Comment Period and removed status: in discussion labels Jun 26, 2023
@kevincox kevincox mentioned this pull request Jun 28, 2023
Closed
45 tasks
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/tweag-nix-dev-update-50/29793/1

@piegamesde piegamesde mentioned this pull request Jun 30, 2023
Merged
13 tasks
@edolstra edolstra merged commit 8c86187 into NixOS:master Jul 12, 2023
@edolstra edolstra mentioned this pull request Jul 12, 2023
Closed
33 tasks
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/tweag-nix-dev-update-51/30870/1

@RaitoBezarius RaitoBezarius mentioned this pull request Aug 13, 2023
Closed
12 tasks
@piegamesde piegamesde deleted the rfc-127 branch August 14, 2023 10:08
@infinisil infinisil added status: accepted and removed status: FCP in Final Comment Period labels Aug 23, 2023
@RaitoBezarius RaitoBezarius mentioned this pull request Nov 5, 2023
Closed
9 tasks
@Atemu Atemu mentioned this pull request Feb 28, 2024
Merged
13 tasks
@AndersonTorres AndersonTorres mentioned this pull request Mar 5, 2024
Draft
14 tasks
@AndersonTorres AndersonTorres mentioned this pull request Mar 13, 2024
Open
13 tasks
@MinerSebas MinerSebas mentioned this pull request Mar 17, 2024
Open
KAction pushed a commit to KAction/rfcs that referenced this pull request Apr 13, 2024
@piegamesde @lheckemann @infinisil
[RFC 0127] Nixpkgs "problem" infrastructure (NixOS#127)
5f2f0f6 
* [RFC 0127] Nixpkgs issues and warnings (NixOS#127)

* Add URLs as structured information

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Linus Heckemann <git@sphalerite.org>

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Linus Heckemann <git@sphalerite.org>

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Linus Heckemann <git@sphalerite.org>

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Linus Heckemann <git@sphalerite.org>

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Linus Heckemann <git@sphalerite.org>

* Update rfcs/0127-issues-warnings.md

* RFC 127 update shepherds

* RFC 127 rework

* Point out that the previous warnings system was not documented

* Rework ignore mechanism

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Silvan Mosberger <github@infinisil.com>

* Update rfcs/0127-issues-warnings.md

Co-authored-by: Silvan Mosberger <github@infinisil.com>

* Remove "resolved" attribute again

* Incorporate review feedback

* Rewrite (again)

* Rename throw->error, trace->warn

* Make meta.problems an attrset

* Rewrite *again*, most change is in the configuration options

* Review update (WIP)

* Review update

* Update shepherds list

* Meeting update

* Typos

---------

Co-authored-by: Linus Heckemann <git@sphalerite.org>
Co-authored-by: Silvan Mosberger <github@infinisil.com>
@AndersonTorres AndersonTorres mentioned this pull request Jun 11, 2024
Merged
13 tasks
This was referenced Jul 14, 2024
Merged
Open
@AkechiShiro AkechiShiro mentioned this pull request Aug 29, 2024
Open
13 tasks
@Atemu Atemu mentioned this pull request Oct 6, 2024
Open
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YoshiRulz YoshiRulz YoshiRulz left review comments

@bew bew bew left review comments

@fgaz fgaz fgaz left review comments

@mweinelt mweinelt mweinelt left review comments

@ckiee ckiee ckiee requested changes

@quantenzitrone quantenzitrone quantenzitrone left review comments

@edolstra edolstra edolstra left review comments

@matthiasbeyer matthiasbeyer matthiasbeyer requested changes

@lheckemann lheckemann lheckemann left review comments

@RaitoBezarius RaitoBezarius RaitoBezarius approved these changes

@infinisil infinisil infinisil approved these changes

@7c6f434c 7c6f434c 7c6f434c left review comments

@sternenseemann sternenseemann sternenseemann left review comments

@JulienMalka JulienMalka JulienMalka approved these changes

@adamcstephens adamcstephens adamcstephens approved these changes

@roberth roberth Awaiting requested review from roberth

Assignees
No one assigned
Labels
status: accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.