Mail archive
alpine-devel

[alpine-devel] Alpine security tracker

From: Quentin Machu <quentin.machu_at_coreos.com>
Date: Thu, 24 Mar 2016 16:34:43 -0400

Hi,

My name’s Quentin Machu and I am the primary maintainer of Clair [1], an
open source project for the static analysis of vulnerabilities in
containers, by CoreOS. The project, which aim at bringing security
awareness to everyone, recently went 1.0 [2] and is considerably well
received by the community.

As Alpine grows more and more popular, especially for containers to which
it becomes a really common base image, I believe that it would be extremely
valuable for Alpine to track vulnerabilities that may affect its packages.
Several Linux distributions, such as Debian [3][4], Ubuntu [5][6], RHEL
[7][8], Arch [9], already do through advisories and parsable databases.

Since the very beginning of Clair, the community has shown a significant
interest in being informed about the potential security flaws that may
threaten their Alpine-based containers [10].

[1]: https://github.com/coreos/clair

[2]: https://coreos.com/blog/clair-v1.html

[3]: https://www.debian.org/security/

[4]: https://security-tracker.debian.org/tracker/

[5]: http://www.ubuntu.com/usn/

[6]: https://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/

[7]: https://rhn.redhat.com/errata/

[8]: https://www.redhat.com/security/data/oval/

[9]: https://wiki.archlinux.org/index.php/CVE

[10]: https://github.com/coreos/clair/issues/12

Best Regards,
Quentin Machu



---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Mar 24 2016 - 16:34:43 GMT