Mail archive

[alpine-devel] Alpine security tracker

From: Quentin Machu <>
Date: Thu, 24 Mar 2016 16:34:43 -0400


My name’s Quentin Machu and I am the primary maintainer of Clair [1], an
open source project for the static analysis of vulnerabilities in
containers, by CoreOS. The project, which aim at bringing security
awareness to everyone, recently went 1.0 [2] and is considerably well
received by the community.

As Alpine grows more and more popular, especially for containers to which
it becomes a really common base image, I believe that it would be extremely
valuable for Alpine to track vulnerabilities that may affect its packages.
Several Linux distributions, such as Debian [3][4], Ubuntu [5][6], RHEL
[7][8], Arch [9], already do through advisories and parsable databases.

Since the very beginning of Clair, the community has shown a significant
interest in being informed about the potential security flaws that may
threaten their Alpine-based containers [10].











Best Regards,
Quentin Machu

Received on Thu Mar 24 2016 - 16:34:43 GMT