Date: Mon, 22 Feb 2016 10:16:13 -0300
Subject: [alpine-devel] What could be done to make Alpine distribution more secure
From: Alba Pompeo
To: alpine-devel@lists.alpinelinux.org

A few days ago Linux Mint's website was hacked and their ISOs were
replaced with backdoored images.

This is a great security concern and I think a good opportunity for
Alpine Linux to rethink its distributions of ISOs and what could be
improved.

I'll start with the obvious HTTPS support.

The download links on http://www.alpinelinux.org/downloads/ all point
to a HTTP link.

If you try to manually change it to HTTPS you get the message -

wiki.alpinelinux.org uses an invalid security certificate.
The certificate is only valid for the following names:
mail.alpinelinux.org, alpinelinux.org
The certificate expired on 05/17/15 06:04. The current time is 02/22/16 14:11.
(Error code: ssl_error_bad_cert_domain)

And alpinelinux.org also doesn't go to HTTPS by default even with
HTTPS Everywhere installed. Shouldn't it always be preferred?

What else can you think about that would make alpine distribution more secure?

The most advanced security feature I've seen a few distributions doing
is reproducible builds, but it appears to be very hard and maybe not a
priority right now. But for the future maybe it could be an idea.

Ciao.