by subsection1h
390 days ago
> All the package definitions [...] are "code reviewed". [...] with maybe some reviewed patches to get it to work in Nix's environment. In order for people to review Nix package definitions and patches, do they need to have their keys signed by other Nix contributors they meet in person like Debian contributors do? https://www.debian.org/events/keysigning

It is less than ideal. On the other hand, self-reviews/merges are frowned upon, so there is normally an extra set of eyeballs that checks changes. Besides that, nixpkgs has a really large number of non-committer contributors. Packages often get touched by multiple if not tens of people. So, even though Linus' law typically doesn't hold up, I do think it holds up pretty well for nixpkgs.