pkgs/README: clarify active committer role for browsers

A small clarification of what "active committer" actually means for
security-critical, fast-moving packages.
This commit is contained in:
Wolfgang Walther
2025-10-19 11:55:38 +02:00
parent b6845425dc
commit 32a1561a8b


@@ -58,7 +58,7 @@ Because entries in the Nix store are inert and do nothing by themselves, package
For example:
* Any package which does not follow upstream security policies should be considered vulnerable.
In particular, packages that vendor or fork web engines like Blink, Gecko or Webkit need to keep up with the frequent updates of those projects.
* Any security-critical fast-moving package such as Chrome or Firefox (or their forks) must have at least one active committer among the maintainers.
* Any security-critical fast-moving package such as Chrome or Firefox (or their forks) must have at least one committer among the maintainers, who actively reviews, merges and backports updates.
This ensures no critical fixes are delayed unnecessarily, endangering unsuspecting users.
* Services which typically work on web traffic are working on untrusted input.
* Data (such as archives or rich documents) commonly shared over untrusted channels (e.g. email) is untrusted.
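Review bot: the comma before "who" in the new wording ("at least one committer among the maintainers, who actively reviews, merges and backports updates") makes the clause non-restrictive, so it reads as a description of all committers rather than as the requirement the commit message intends; dropping the comma ("at least one committer among the maintainers who actively reviews, merges and backports updates") makes it the qualifying condition. Since the point of this change is that "active" means actually doing the review, merge and backport work rather than merely holding commit rights, consider also stating what the updates are backported to (e.g. the stable release branches), so the sentence is unambiguous when applied to the Chrome and Firefox examples in the same bullet.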