NixOS GSoC | 247 Members | |
| 24 Servers |
| Sender | Message | Time |
|---|---|---|
| 20 Mar 2026 | ||
| Hi all, I'm looking into the GSoC project for 'SBOM Accuracy and PURL Integration for Nixpkgs'. I noticed the mentor field is currently open on the ideas list, does anyone know who is the current mentor? I was reviewing the prior efforts and wanted to ask a few questions. | 09:44:38 | |
| * Hi all, I'm looking into the GSoC project for 'SBOM Accuracy and PURL Integration for Nixpkgs'. I noticed the mentor field is currently open on the ideas list, does anyone know who is the mentor? I was reviewing the prior efforts and wanted to ask a few questions. | 09:44:47 | |
| This is the right place to ask those questions, the SBOM team will be delighted to help you out: https://matrix.to/#/#nixpkgs-sbom:matrix.org | 10:00:12 | |
| Oh, ty. | 10:03:26 | |
| Can we also propose our own ideas? Is that allowed? | 10:30:27 | |
| Yea | 10:59:07 | |
| I was looking at the list of ideas for GSoC, and came across the "Enhanced Patch Information Extraction" project. I read through the referenced issue, and there doesn’t seem to be a clearly enforced format for how patches are named or described, apart from some CVE-related patches including identifiers. I wanted to better understand what the intended goal of this project is, whether the focus is on standardizing how patches are described, extracting structured metadata from existing patches for downstream tools, or a combination of both. | 11:45:12 | |
| A combination of both. Note that the ideas are just suggestions. Ultimately it's the submissions to GSoC that get reviewed | 12:05:36 | |
| * A combination of both. Note that the ideas are just suggestions. Ultimately it's your submissions to GSoC that get reviewed | 12:05:45 | |
| Got it, thanks! | 12:19:29 | |
| I believe I should be under that | 15:18:54 | |
| Yeah, I think that is one that I proposed when I was asked about GSoC ideas a while back. Some of it is there's patches which fixes CVE's but they do not contain a CVE name in it. So it would require identifying that. I've also thought about adding vulnerability or patch metadata to nixpkgs. This is very useful to be able to say where a patch comes from if it's a vendored file. There's also various other things that become useful which could be attached. | 15:22:17 | |
| Robert Hensing (roberth): Hi Robert! Just wanted to let you know that raf has agreed to be a mentor for the "Improved release notes for Nixpkgs" GSoC project! | 15:43:00 | |
| 16:21:52 | ||
| 17:37:28 | ||
| 19:56:04 | ||
| 21 Mar 2026 | ||
| Yeah, that makes sense, especially around tracking patches that fix CVEs which aren’t explicitly referenced. I’ve been looking into extracting metadata from existing packages in nixpkgs (from URLs, comments, etc.). While that works to an extent, it clearly hits limits when the information isn’t present. Using Right now I'm trying to output a JSON file that downstream tools can use. Long term, however, standardizing patch metadata into nixpkgs itself would be ideal. | 04:32:57 | |
| Yeah, I've written an SBOM generation tool at work and it works very well. It generates the CycloneDX vulnerabilities list and that seems to work well with grype. | 04:34:27 | |
| 05:11:48 | ||
| Hey all, I'm interested in finding a mentor for reviewing nixpkgs PRs! As a note, I'm located in Australia, so finding someone near my timezone would be great! | 05:19:52 | |
| oh I think I am misunderstanding how this process works haha - first time doing gsoc | 05:22:54 | |
| Hello, I'm Mutsuha Asada. I major in computer science at University of Tsukuba, and I've been using Nix and NixOS since three years and contributing to nixpkgs a little. Interested in the theme of "Testing Dynamic Derivation", I'm reading relevant pull requests and RFCs. | 05:27:05 | |
| * Hello, I'm Mutsuha Asada. I major in computer science at University of Tsukuba, and I've been using Nix and NixOS for three years and contributing to nixpkgs a little. Interested in the theme of "Testing Dynamic Derivation", I'm reading relevant pull requests and RFCs. | 05:27:36 | |
| okay uh - take two: Hey all! I've been a nixos user for a couple years now, and have learnt the nix language fairly well in that time, and gotten used to the nix tooling. I love this project, and want to help give back to it! I've known about GSoC for a couple years now, but this will be my first time giving it a shot! I'm interested in helping out with the nixpkgs PR review queue! My current plan would be to start with reviewing PRs (with assistance from a mentor) and then, when I have a little more experience, moving on to onboarding new nixpkgs contributors / package maintainers. Please reach out if you're interesting in mentoring me for this - I'd love to help out the project that I gain so much from! | 06:07:49 | |
| I'd also like help in workshopping my proposal to be more interesting to Google | 06:08:20 | |
| 10:31:41 | ||
| Update on the remote building protocol refactor, after discussion with the Nix maintainers the project is being replaced with a tangential idea to extend stores and eliminate the build hook. See https://github.com/NixOS/GSoC/pull/45 | 14:47:55 | |
| Hi! just submitted my GSoC proposal for the Review Nixpkgs PRs project (350h). I've been using NixOS for about a year and have a couple of small contributions to nixpkgs and nix.dev. Would really appreciate connecting with a mentor and getting any feedback on my proposal. GitHub is github.com/Haschwalth00B | 16:12:43 | |
| 18:09:51 | ||
| Hello everyone, My name is Daniel Lual from South Sudan but currently study in Indonesia doing a bachelor of Informatics Engineering in State University of Semarang. As the founder of Dann Foundation, I built a website where students from South Sudan have access to opportunities like scholarships but on the journey when I was building this website I have experience a lot of bugs and errors before my site was deployed. As a result of that, I debugged until my website was deployed online as per now. With due diligence, I am enthusiastically interested to work with NixOS in GSoC program. Get to expand my knowledge on how to be a best developer ever. this is the link of my website dannfoundation.net Thanks | 18:12:05 | |