As a user, I can spot packages impacted by a security vulnerability #11

GuillaumeDesforges · 2022-10-14T08:26:49Z

aspiwack · 2022-10-14T12:16:56Z

You had a little more than this to say about this user story. I think we can make this issue a little bit more meaty.

“As a user” is very vague, where is this user coming from, what are they doing that requires attention to security vulnerability?
Based on that, what does “spotting packages impacted by a security vulnerability” looks like? Are they auditing the entirety of Nix? A package that they are installing? A package in their transitive dependencies? What do they need to know?
What would a solution look like which answers that need? Would it be an API? Or would it be a web UI element? In either case, what would it provide? A list of packages? A graph of packages with a given property? Something else? If it's a visual element, would their be some visual aid, or would the element be self-sufficient?

GuillaumeDesforges added the type:user story label Oct 14, 2022

GuillaumeDesforges mentioned this issue Oct 14, 2022

Spec for prototype #1

Closed

aspiwack mentioned this issue Oct 14, 2022

As a user, I can find the innermost package that contains a file #12

Open

1 task

Provide feedback