NixOS GSoC | 250 Members | |
| 24 Servers |
| Sender | Message | Time |
|---|---|---|
| 19 Mar 2026 | ||
| 19:52:02 | ||
| 20:27:50 | ||
| The review idea is a bit unorthodox if Google were to judge it by its title. I'd recommend to give it a twist, pick a particular set of packages, or a particular approach, perhaps automation. | 22:34:50 | |
| We don't have a designated mentor for this, but someone can still jump in. Knowing a mentor is not a requirement for submitting a proposal to GSoC | 22:36:28 | |
| Omoruyi Osakue: Could you tell me who the mentor is Review Nixpkgs PRs or am I too late? | 22:42:22 | |
| We don't have a designated mentor for this yet, but otoh this is our main activity so I don't think that should deter you | 23:04:29 | |
| 20 Mar 2026 | ||
| 05:22:18 | ||
| Hi all, I'm looking into the GSoC project for 'SBOM Accuracy and PURL Integration for Nixpkgs'. I noticed the mentor field is currently open on the ideas list, does anyone know who is the current mentor? I was reviewing the prior efforts and wanted to ask a few questions. | 09:44:38 | |
| * Hi all, I'm looking into the GSoC project for 'SBOM Accuracy and PURL Integration for Nixpkgs'. I noticed the mentor field is currently open on the ideas list, does anyone know who is the mentor? I was reviewing the prior efforts and wanted to ask a few questions. | 09:44:47 | |
| This is the right place to ask those questions, the SBOM team will be delighted to help you out: https://matrix.to/#/#nixpkgs-sbom:matrix.org | 10:00:12 | |
| Oh, ty. | 10:03:26 | |
| Can we also propose our own ideas? Is that allowed? | 10:30:27 | |
| Yea | 10:59:07 | |
| I was looking at the list of ideas for GSoC, and came across the "Enhanced Patch Information Extraction" project. I read through the referenced issue, and there doesn’t seem to be a clearly enforced format for how patches are named or described, apart from some CVE-related patches including identifiers. I wanted to better understand what the intended goal of this project is, whether the focus is on standardizing how patches are described, extracting structured metadata from existing patches for downstream tools, or a combination of both. | 11:45:12 | |
| A combination of both. Note that the ideas are just suggestions. Ultimately it's the submissions to GSoC that get reviewed | 12:05:36 | |
| * A combination of both. Note that the ideas are just suggestions. Ultimately it's your submissions to GSoC that get reviewed | 12:05:45 | |
| Got it, thanks! | 12:19:29 | |
| I believe I should be under that | 15:18:54 | |
| Yeah, I think that is one that I proposed when I was asked about GSoC ideas a while back. Some of it is there's patches which fixes CVE's but they do not contain a CVE name in it. So it would require identifying that. I've also thought about adding vulnerability or patch metadata to nixpkgs. This is very useful to be able to say where a patch comes from if it's a vendored file. There's also various other things that become useful which could be attached. | 15:22:17 | |
| Robert Hensing (roberth): Hi Robert! Just wanted to let you know that raf has agreed to be a mentor for the "Improved release notes for Nixpkgs" GSoC project! | 15:43:00 | |
| 16:21:52 | ||
| 17:37:28 | ||
| 19:56:04 | ||
| 21 Mar 2026 | ||
| Yeah, that makes sense, especially around tracking patches that fix CVEs which aren’t explicitly referenced. I’ve been looking into extracting metadata from existing packages in nixpkgs (from URLs, comments, etc.). While that works to an extent, it clearly hits limits when the information isn’t present. Using Right now I'm trying to output a JSON file that downstream tools can use. Long term, however, standardizing patch metadata into nixpkgs itself would be ideal. | 04:32:57 | |
| Yeah, I've written an SBOM generation tool at work and it works very well. It generates the CycloneDX vulnerabilities list and that seems to work well with grype. | 04:34:27 | |
| 05:11:48 | ||
| Hey all, I'm interested in finding a mentor for reviewing nixpkgs PRs! As a note, I'm located in Australia, so finding someone near my timezone would be great! | 05:19:52 | |
| oh I think I am misunderstanding how this process works haha - first time doing gsoc | 05:22:54 | |
| Hello, I'm Mutsuha Asada. I major in computer science at University of Tsukuba, and I've been using Nix and NixOS since three years and contributing to nixpkgs a little. Interested in the theme of "Testing Dynamic Derivation", I'm reading relevant pull requests and RFCs. | 05:27:05 | |
| * Hello, I'm Mutsuha Asada. I major in computer science at University of Tsukuba, and I've been using Nix and NixOS for three years and contributing to nixpkgs a little. Interested in the theme of "Testing Dynamic Derivation", I'm reading relevant pull requests and RFCs. | 05:27:36 | |