Mail archive

Re: [alpine-devel] Fw: Improving cross-distribution security

From: Chloe Kudryavtsev <>
Date: Fri, 1 Mar 2019 21:19:01 -0500

On 3/1/2019 7:45 PM, Daniel Isaksen wrote:
> This is a great initiative, and we really need to get Working Groups (WGs) /
> Special Interest Groups (SIGs) formally set up. A while ago, I created a draft
> document[1] describing how to create and operate them. If you strongly
> disapprove of Google, email me, and I can return you a PDF copy.
> So, I'll be short: what do you, the Alpine developers, think of this proposal?
> Could any of you help me with said document? I am on the (somewhat loosely
> defined) 'infrastructure team', so I will be able to help out with the technical
> aspect.
> My personal opinion is that we need a team of (at least semi-)dedicated people
> on a Security SIG to first and foremost:
> - Maintain a security advisory program as a service for Alpine users.
> - Make sure we are properly tracking and patching new vulnerabilities, both
> through open-source intelligence and information sharing with other
> distributions.
> [1]:

I disagree with your outlined approach, for various reasons.
After a discussion over on IRC, we agreed on a more general team-based
management approach.
Please find the resulting draft proposal here[1].

We also both agreed that something along these lines must be done, for
many reasons.
Kaniini has also expressed preemptive support in #alpine-devel.

Hopefully, a deeper and more detailed discussion will take place (likely
over IRC) within the next few days.


Received on Fri Mar 01 2019 - 21:19:01 UTC