[alpine-devel] What could be done to make Alpine distribution more secure

From: Alba Pompeo <>
Date: Mon, 22 Feb 2016 10:16:13 -0300

A few days ago Linux Mint's website was hacked and their ISOs were
replaced with backdoored images.
This is a great security concern and I think a good opportunity for
Alpine Linux to rethink its distributions of ISOs and what could be
I'll start with the obvious HTTPS support. The download links on all point to an HTTP link.
If you try to manually change it to HTTPS you get the message - uses an invalid security certificate.
The certificate is only valid for the following names:,
The certificate expired on 05/17/15 06:04.
The current time is 02/22/16 14:11. (Error code: ssl_error_bad_cert_domain)
And also doesn't go to HTTPS by default even with
HTTPS Everywhere installed. Shouldn't it always be preferred?
What else can you think about that would make Alpine distribution more secure?
The most advanced security feature I've seen a few distributions doing
is reproducible builds, but it appears to be very hard and maybe not a
priority right now. But for the future maybe it could be an idea.


