Determinate Systems updates enterprise-focused secure Nixpkgs with CVE remediation and FlakeBOM
By Luc Perkins
Summary
Determinate Systems provides an update on Determinate Secure Packages, a curated secure subset of Nixpkgs designed for enterprise use. The service offers SLA-backed CVE remediation, optional FIPS-compliant packages, and full cache coverage via FlakeHub Cache. The article discusses the growing importance of supply chain security in light of incidents like the xz backdoor, and previews upcoming features including FlakeBOM (Bill of Materials) for enhanced software supply chain visibility.
Key quotes
Determinate Secure Packages came into the world both ready to revolutionize the software supply chain on day one and also as a seedling primed to expand and flourish well beyond its promising start.
In the meantime, the importance of supply chain security found a way to go from 'critical' to 'OMG?!?'
While memories of the xz backdoor, Shai Hu
You might also wanna read
Software Supply Chain Attacks: Exploiting Trust Assumptions in Modern Development
The article examines the growing threat of software supply chain attacks that exploit fundamental trust assumptions in modern development wo
Critical Vulnerability Discovery in Nix Package Manager Ecosystem
The article details how the author and a colleague discovered a critical vulnerability in the Nix package manager ecosystem that could have
NixOS: Appreciating Deterministic Package Management and System Reproducibility
The article explains why the author loves NixOS, emphasizing that their appreciation stems primarily from the Nix package manager rather tha
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att
DepsGuard: Open-source Rust tool to harden package manager configs against supply chain attacks
DepsGuard is an open-source Rust tool (single static binary, zero Rust crate dependencies) that hardens package manager configurations again
Rust Programming Language Faces Inevitable Supply Chain Security Threats
The article warns about inevitable supply chain attacks targeting the Rust programming language ecosystem, predicting that malicious actors
