Mail archive

Re: [alpine-devel] Alpine security tracker

From: Leonardo Arena <>
Date: Thu, 24 Mar 2016 21:50:06 +0100

On Thu, 24/03/2016 at 16.34 -0400, Quentin Machu wrote:
> Hi,
>
> My name’s Quentin Machu and I am the primary maintainer of Clair [1],
> an open source project for the static analysis of vulnerabilities in
> containers, by CoreOS. The project, which aims at bringing security
> awareness to everyone, recently went 1.0 [2] and is considerably well
> received by the community.
> As Alpine grows more and more popular, especially for containers to
> which it becomes a really common base image, I believe that it would
> be extremely valuable for Alpine to track vulnerabilities that may
> affect its packages.

We already do that in our bug tracker:

> Several Linux distributions, such as Debian [3][4], Ubuntu [5][6],
> RHEL [7][8], Arch [9], already do through advisories and parsable
> databases.

We don't issue our own advisories if that's what you mean. That would
require more manpower which I think we prefer to spend on fixing the
security issues.

- leo

Received on Thu Mar 24 2016 - 21:50:06 UTC