Open IFcoltransG opened 4 months ago
Should be trivial to add a checklist to the Packaging Request template. Other templates like Missing Documentation already have one.
- that it's actively maintained and using modern libraries.
I'll point out that this is not (AFAIK) a prerequisite for nixpkgs. However, electron is a special case in that it basically ships a browser (chromium). Old versions of electron use EOL versions of chromium that are known insecure. We should not add known insecure packages into nixpkgs. The only versions we have in the repo are electron 27 to 30, everything older has been dropped: https://github.com/NixOS/nixpkgs/blob/c669412a552f31c45adad47894e7fd6a8698e53f/pkgs/top-level/aliases.nix#L308-L314
As far as actual guidelines, this is the section we currently have: https://github.com/NixOS/nixpkgs/tree/master/pkgs#quick-start-to-adding-a-package This could be improved to explicitly discourage adding insecure packages.
Context
Expectation
Reality
Relevance