Received: from smtp.ungleich.ch (mx.ungleich.ch [185.203.112.16])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 956F97819B4
	for <~alpine/devel@lists.alpinelinux.org>; Wed, 21 Apr 2021 07:56:02 +0000 (UTC)
Received: from nb3.localdomain (localhost [IPv6:::1])
	by smtp.ungleich.ch (Postfix) with ESMTP id D520020C57;
	Wed, 21 Apr 2021 09:56:01 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ungleich.ch; s=mail;
	t=1618991761; bh=4h+72/Kw8dpBODOuODrxYPoty8+kzBJQKdwklqQaiQE=;
	h=References:From:To:Cc:Subject:In-reply-to:Date:From;
	b=QUzFFBmK7Zt3o4C58CPfvdy4hEw/p8ZbGb5TTlQo60TnvLX/9vHB0jJjj/+LPQiHq
	 UGnmyJIjkCGTBl6iHU+b8I5uPrzU2rYR9XpT4nLv1I250IfY3apMHHSN92AMjgWXyd
	 SRVlUFEBvpMNCrCVKQsnLtskECJp4JRSre3UDkn7U4tHAa4oLQuVl14yBQ43oVB+dc
	 vz0VnWpjYi1U+9HGAgkk9LPJB1rKdsg3Z8gC1a+7gHRl8XuXUpGW8JJZbN0/eB7P76
	 4/t2b3ux/9lHRx+IXhi8sISjsxu4nATNOcDrs54A16Uy9N7JfF6P1HNNFiFFzOnLYt
	 Hl03IKyBzk2cw==
Received: by nb3.localdomain (Postfix, from userid 1000)
	id 6E9A314C0419; Wed, 21 Apr 2021 09:56:20 +0200 (CEST)
References: <db38b689-2a1e-998a-72a7-198ae863629@dereferenced.org>
User-agent: mu4e 1.4.15; emacs 27.2
From: Nico Schottelius <nico.schottelius@ungleich.ch>
To: Ariadne Conill <ariadne@dereferenced.org>
Cc: ~alpine/devel@lists.alpinelinux.org
Subject: Re: Introducing the Security Fix Tracker
In-reply-to: <db38b689-2a1e-998a-72a7-198ae863629@dereferenced.org>
Date: Wed, 21 Apr 2021 09:56:20 +0200
Message-ID: <87a6psxe8r.fsf@ungleich.ch>
MIME-Version: 1.0
Content-Type: text/plain


That is such a beauty, thanks a lot Ariadne!

I am not sure if you can easily filter it, but when going to the package
in question (like https://security.alpinelinux.org/srcpkg/subversion),
one sees open and resolved CVEs.

What would be quite interesting to see is which Alpine version relates
to which CVEs, not only to which packages.

This could answer the question of "I am running Alpine
3.11, by which CVEs am I likely affected?"

Either case, this is a pretty good start, great work!

Cheers,

Nico

Ariadne Conill <ariadne@dereferenced.org> writes:

> Hello,
>
> We have been hard at work the past month working on a CVE tracking
> system for Alpine.  While this work is not 100% complete, it is in a
> state where we can start testing it and making tweaks as needed.
>
> You can play with it at https://security.alpinelinux.org/ and if you
> want to send some tweaks, it's at
> https://gitlab.alpinelinux.org/kaniini/secfixes-tracker on Gitlab.
>
> Thanks to the infrastructure team for getting up the test version so
> quickly!
>
> Ariadne


--
Sustainable and modern Infrastructures by ungleich.ch