!etBYPdyCKgnXJSXexD:matrix.org

NixOS GSoC

247 Members
24 Servers

Load older messages


SenderMessageTime
20 Mar 2026
@clumsily6239:matrix.orgClumsily6239Hi all, I'm looking into the GSoC project for 'SBOM Accuracy and PURL Integration for Nixpkgs'. I noticed the mentor field is currently open on the ideas list, does anyone know who is the current mentor? I was reviewing the prior efforts and wanted to ask a few questions.09:44:38
@clumsily6239:matrix.orgClumsily6239* Hi all, I'm looking into the GSoC project for 'SBOM Accuracy and PURL Integration for Nixpkgs'. I noticed the mentor field is currently open on the ideas list, does anyone know who is the mentor? I was reviewing the prior efforts and wanted to ask a few questions.09:44:47
@fricklerhandwerk:matrix.orgfricklerhandwerkThis is the right place to ask those questions, the SBOM team will be delighted to help you out: https://matrix.to/#/#nixpkgs-sbom:matrix.org10:00:12
@clumsily6239:matrix.orgClumsily6239Oh, ty.10:03:26
@clumsily6239:matrix.orgClumsily6239Can we also propose our own ideas? Is that allowed?10:30:27
@not-jack:matrix.org@not-jack:matrix.orgYea10:59:07
@clumsily6239:matrix.orgClumsily6239I was looking at the list of ideas for GSoC, and came across the "Enhanced Patch Information Extraction" project. I read through the referenced issue, and there doesn’t seem to be a clearly enforced format for how patches are named or described, apart from some CVE-related patches including identifiers. I wanted to better understand what the intended goal of this project is, whether the focus is on standardizing how patches are described, extracting structured metadata from existing patches for downstream tools, or a combination of both.11:45:12
@roberthensing:matrix.orgRobert Hensing (roberth)A combination of both. Note that the ideas are just suggestions. Ultimately it's the submissions to GSoC that get reviewed12:05:36
@roberthensing:matrix.orgRobert Hensing (roberth)* A combination of both. Note that the ideas are just suggestions. Ultimately it's your submissions to GSoC that get reviewed12:05:45
@clumsily6239:matrix.orgClumsily6239Got it, thanks!12:19:29
@rosscomputerguy:matrix.orgTristan RossI believe I should be under that15:18:54
@rosscomputerguy:matrix.orgTristan RossYeah, I think that is one that I proposed when I was asked about GSoC ideas a while back. Some of it is there's patches which fixes CVE's but they do not contain a CVE name in it. So it would require identifying that. I've also thought about adding vulnerability or patch metadata to nixpkgs. This is very useful to be able to say where a patch comes from if it's a vendored file. There's also various other things that become useful which could be attached.15:22:17
@deckard_24:matrix.orgSwaraj Robert Hensing (roberth): Hi Robert! Just wanted to let you know that raf has agreed to be a mentor for the "Improved release notes for Nixpkgs" GSoC project! 15:43:00
@zspher:matrix.orgIan joined the room.16:21:52
@eouzoe:matrix.org曜日 set a profile picture.17:37:28
@elloutro:matrix.org@elloutro:matrix.org joined the room.19:56:04
21 Mar 2026
@clumsily6239:matrix.orgClumsily6239

Yeah, that makes sense, especially around tracking patches that fix CVEs which aren’t explicitly referenced.

I’ve been looking into extracting metadata from existing packages in nixpkgs (from URLs, comments, etc.). While that works to an extent, it clearly hits limits when the information isn’t present. Using nix eval to resolve patch lists also helps in some cases.

Right now I'm trying to output a JSON file that downstream tools can use. Long term, however, standardizing patch metadata into nixpkgs itself would be ideal.

04:32:57
@rosscomputerguy:matrix.orgTristan RossYeah, I've written an SBOM generation tool at work and it works very well. It generates the CycloneDX vulnerabilities list and that seems to work well with grype.04:34:27
@avali:avali.zoneAnnoyingRains joined the room.05:11:48
@avali:avali.zoneAnnoyingRainsHey all, I'm interested in finding a mentor for reviewing nixpkgs PRs! As a note, I'm located in Australia, so finding someone near my timezone would be great!05:19:52
@avali:avali.zoneAnnoyingRainsoh I think I am misunderstanding how this process works haha - first time doing gsoc05:22:54
@mutsuha_asada:matrix.orgMutsuha AsadaHello, I'm Mutsuha Asada. I major in computer science at University of Tsukuba, and I've been using Nix and NixOS since three years and contributing to nixpkgs a little. Interested in the theme of "Testing Dynamic Derivation", I'm reading relevant pull requests and RFCs.05:27:05
@mutsuha_asada:matrix.orgMutsuha Asada* Hello, I'm Mutsuha Asada. I major in computer science at University of Tsukuba, and I've been using Nix and NixOS for three years and contributing to nixpkgs a little. Interested in the theme of "Testing Dynamic Derivation", I'm reading relevant pull requests and RFCs.05:27:36
@avali:avali.zoneAnnoyingRains okay uh - take two:

Hey all! I've been a nixos user for a couple years now, and have learnt the nix language fairly well in that time, and gotten used to the nix tooling. I love this project, and want to help give back to it!
I've known about GSoC for a couple years now, but this will be my first time giving it a shot!

I'm interested in helping out with the nixpkgs PR review queue! My current plan would be to start with reviewing PRs (with assistance from a mentor) and then, when I have a little more experience, moving on to onboarding new nixpkgs contributors / package maintainers.

Please reach out if you're interesting in mentoring me for this - I'd love to help out the project that I gain so much from!
06:07:49
@avali:avali.zoneAnnoyingRainsI'd also like help in workshopping my proposal to be more interesting to Google06:08:20
@haschwalth00b:matrix.orgSrivatsa joined the room.10:31:41
@lisanna-dettwyler:matrix.orgLisannaUpdate on the remote building protocol refactor, after discussion with the Nix maintainers the project is being replaced with a tangential idea to extend stores and eliminate the build hook. See https://github.com/NixOS/GSoC/pull/4514:47:55
@haschwalth00b:matrix.orgSrivatsaHi! just submitted my GSoC proposal for the Review Nixpkgs PRs project (350h). I've been using NixOS for about a year and have a couple of small contributions to nixpkgs and nix.dev. Would really appreciate connecting with a mentor and getting any feedback on my proposal. GitHub is github.com/Haschwalth00B 16:12:43
@danlual2020:matrix.orgDaniel Lual Akoon joined the room.18:09:51
@danlual2020:matrix.orgDaniel Lual Akoon Hello everyone, My name is Daniel Lual from South Sudan but currently study in Indonesia doing a bachelor of Informatics Engineering in State University of Semarang. As the founder of Dann Foundation, I built a website where students from South Sudan have access to opportunities like scholarships but on the journey when I was building this website I have experience a lot of bugs and errors before my site was deployed. As a result of that, I debugged until my website was deployed online as per now. With due diligence, I am enthusiastically interested to work with NixOS in GSoC program. Get to expand my knowledge on how to be a best developer ever. this is the link of my website dannfoundation.net
Thanks
18:12:05

Show newer messages


Back to Room ListRoom Version: 10