0 sats \ 2 replies \ @ZezzebbulTheMysterious 31 Mar \ on: Finding packages affected by xz vuln on Nix NixOS
To me, this is a strike against nix. I don’t care for nix, but the ability audit the exact global version of link depends should not require esoteric package queries. Does this surface in standard instance management software?
how would you do this in other systems?
this isn't about auditing the version, but the dependency graph where the package occurs. afaik this isn't possible in other linux systems without even more complex queries.
reply
Osquery generally, but this doesn’t grab the package list in nixos (open GitHub issue: https://github.com/osquery/osquery/issues/8179)
reply