X-Original-To: alpine-devel@mail.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id 73C79DC1978 for ; Thu, 24 Mar 2016 20:50:15 +0000 (UTC) Received: from mail-wm0-f51.google.com (mail-wm0-f51.google.com [74.125.82.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 1FC9ADC029D for ; Thu, 24 Mar 2016 20:50:14 +0000 (UTC) Received: by mail-wm0-f51.google.com with SMTP id l68so1451782wml.0 for ; Thu, 24 Mar 2016 13:50:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:subject:from:to:cc:date:in-reply-to:references :mime-version; bh=J3AwxmcajtV1T/7xdrfxPq5wlYxfjw52jpa8eLrEjek=; b=k9202N49gijasqUD1P/jHh2DziySIGzyBQMWJoWQ4yK000p1QW0yR+i0LHbKYaux+O q1OwJk4Otpg23KwgZB+zBJ+heisRyOkN/XUT0Mb6NxtawcQ7Dd9Muo1l6KCKMYRcB3i/ XiHhgn6aOZQHxXU2BPMC557qWUk4fcd9Q/0TSF/Qg+zsfQUkNglOpHz0eZTqLoVUuXgv 06HEcE1QZrcvMDnt55+6gmxcUmikFYbWTlqIWOlWg+1CTZAukACbuIqC92QSWETQ4yY9 bc5Aof6eKwO4qG++ZgrIj3RZgvMqNQaJBEzVMFX7YBS1gbf+fTbJOaRoYTWl/VhYD3Pp NKDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version; bh=J3AwxmcajtV1T/7xdrfxPq5wlYxfjw52jpa8eLrEjek=; b=ZumIS6aJUHbmBASuwtDlg1CLXqZYKlvooSWtSMo/xe0cWUzi+neBvRhgCHZAY63izQ zub4PFBEiqEalOgbX5ZpfXb64Fiq5OvkCLypa5TzgaGg4IWstOtlNIRrkSl8HrJQ936p r/xVS4IFQdhseWLUkpg5ybrGdJf1jNXrCeXZ01oHz4hhqB+d/gGsmwprhFMqB2kVhfHT 8XkHQNS516kcNNeR+awHKgLWWhKHwQfy+nxAhCe4MV7YbORiL7ajVlFrwBTzQxBNqer0 zMt9qPdOBeyVbfRK7ORatHNGVkm4zzllCEn/q7hM9F2ZtQigaWHdBMF667IusuGd7/nP YJiw== X-Gm-Message-State: AD7BkJKWvTtUU8QrMThWcQ5YEHlDVyM1iuKogAVZIwc9ooaq8PycsqpQK1agIgzD6IjN1w== X-Received: by 10.194.171.66 with SMTP id as2mr11811700wjc.110.1458852613617; Thu, 24 Mar 2016 13:50:13 -0700 (PDT) Received: from [192.168.1.200] ([89.202.239.196]) by smtp.googlemail.com with ESMTPSA id t82sm173300wmt.17.2016.03.24.13.50.11 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 24 Mar 2016 13:50:12 -0700 (PDT) Message-ID: <1458852606.9023.4.camel@c89m3s1> Subject: Re: [alpine-devel] Alpine security tracker From: Leonardo Arena To: Quentin Machu Cc: alpine-devel@lists.alpinelinux.org Date: Thu, 24 Mar 2016 21:50:06 +0100 In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-kA6xRrBVEpCdSGwoxPHG" X-Mailer: Evolution 3.10.4-0ubuntu2 X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Mime-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP --=-kA6xRrBVEpCdSGwoxPHG Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Il giorno gio, 24/03/2016 alle 16.34 -0400, Quentin Machu ha scritto: > Hi, >=20 Hi, >=20 > My name=E2=80=99s Quentin Machu and I am the primary maintainer of Clair = [1], > an open source project for the static analysis of vulnerabilities in > containers, by CoreOS. The project, which aim at bringing security > awareness to everyone, recently went 1.0 [2] and is considerably well > received by the community. >=20 >=20 > As Alpine grows more and more popular, especially for containers to > which it becomes a really common base image, I believe that it would > be extremely valuable for Alpine to track vulnerabilities that may > affect its packages.=20 We already do that in our bug traker: https://bugs.alpinelinux.org/projects/alpine/issues?set_filter=3D1&status_i= d=3Dc&tracker_id=3D1 > Several Linux distributions, such as Debian [3][4], Ubuntu [5][6], > RHEL [7][8], Arch [9], already do through advisories and parsable > databases. >=20 We don't issue our own advisories if that's what you mean. That would require more man power which I think we prefer to spend on fixing the security issues. - leo --=-kA6xRrBVEpCdSGwoxPHG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJW9FL+AAoJELAPckZGG2T6lW8IAIyDBxg61zhEcJSzZzLBf2/3 3Pp3XEq99MgdUMyMbmhLPwTRtTDBg85yxwgFOuZX3T05rDeZO87plocCheCStCF+ F4D/dTWT3urqsGC5l3jEzLR9vpOgqqNLWcOxpMkTvHZ+xrNvEvluohbeYe0eDLrk 7alfzBb1xKWkjMyLDIAbUIdrdD+l4DTqZR0xbq1q/Th7G0TZ0wAQhPOE0vW+QH/o nWBv2Wtphotd5vXU3IIglJQ+91mJu7gBsM2l3+GqbODZKrktieHaJ9dhZaIdxW4c rcaK6aQtZiP2XpgXDcnNojmYlHpaSIB5bf9FKc43BmWgXP8FGoqmZEsgde2sLOI= =zC7E -----END PGP SIGNATURE----- --=-kA6xRrBVEpCdSGwoxPHG-- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---