Description
The Nixpkgs vulnerability tracker was developed with financial support by the Sovereign Tech Fund. It demoed to the security team in December 2024 and is now deployed on official infra under https://tracker.security.nixos.org for testing purposes. Thanks to the @nixos/infra team for your support!
It's likely there will be means available to continue development in 2025 to roll it out for day-to-day operations, which will result in growing resource consumption.
In order to cover hosting expenses, I request to reserve a slice of 100€/month from the infrastructure budget.
Currently we're spending <35€/month. The server runs nightly CVE ingestions and Nixpkgs evaluations and stores a couple GB of data. The goal is to keep expenses at the low end, ideally by taking evals directly from Hydra, and pruning old data.
@nixos/steering approves according to @tomberek.