Mail archive
alpine-devel

Re: [alpine-devel] Alpine security tracker

From: Leonardo Arena <rnalrd_at_gmail.com>
Date: Thu, 24 Mar 2016 21:50:06 +0100

Il giorno gio, 24/03/2016 alle 16.34 -0400, Quentin Machu ha scritto:
> Hi,
>

Hi,

>
> My name’s Quentin Machu and I am the primary maintainer of Clair [1],
> an open source project for the static analysis of vulnerabilities in
> containers, by CoreOS. The project, which aim at bringing security
> awareness to everyone, recently went 1.0 [2] and is considerably well
> received by the community.
>
>
> As Alpine grows more and more popular, especially for containers to
> which it becomes a really common base image, I believe that it would
> be extremely valuable for Alpine to track vulnerabilities that may
> affect its packages.

We already do that in our bug traker:
https://bugs.alpinelinux.org/projects/alpine/issues?set_filter=1&status_id=c&tracker_id=1


> Several Linux distributions, such as Debian [3][4], Ubuntu [5][6],
> RHEL [7][8], Arch [9], already do through advisories and parsable
> databases.
>

We don't issue our own advisories if that's what you mean. That would
require more man power which I think we prefer to spend on fixing the
security issues.

- leo






---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Mar 24 2016 - 21:50:06 GMT