[alpine-devel] What could be done to make Alpine distribution more secure

From: Alba Pompeo <albapompeo_at_gmail.com>
Date: Mon, 22 Feb 2016 10:16:13 -0300

A few days ago Linux Mint's website was hacked and their ISOs were
replaced with backdoored images.
This is a great security concern and I think a good opportunity for
Alpine Linux to rethink its distributions of ISOs and what could be
improved.
I'll start with the obvious HTTPS support. The download links on
http://www.alpinelinux.org/downloads/ all point to an HTTP link.
If you try to manually change it to HTTPS you get the message -
wiki.alpinelinux.org uses an invalid security certificate.
The certificate is only valid for the following names:
mail.alpinelinux.org, alpinelinux.org
The certificate expired on 05/17/15 06:04.
The current time is 02/22/16 14:11. (Error code: ssl_error_bad_cert_domain)
And alpinelinux.org also doesn't go to HTTPS by default even with
HTTPS Everywhere installed. Shouldn't it always be preferred?
What else can you think about that would make Alpine distribution more secure?
The most advanced security feature I've seen a few distributions doing
is reproducible builds, but it appears to be very hard and maybe not a
priority right now. But for the future maybe it could be an idea.

Ciao.


Received on Mon Feb 22 2016 - 10:16:13 GMT