X-Original-To: alpine-devel@mail.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1])
	by mail.alpinelinux.org (Postfix) with ESMTP id CBB77DC029D
	for <alpine-devel@mail.alpinelinux.org>; Thu, 24 Mar 2016 20:34:46 +0000 (UTC)
Received: from mail-lf0-f44.google.com (mail-lf0-f44.google.com [209.85.215.44])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 38088DC003D
	for <alpine-devel@lists.alpinelinux.org>; Thu, 24 Mar 2016 20:34:45 +0000 (UTC)
Received: by mail-lf0-f44.google.com with SMTP id d82so43525038lfe.3
        for <alpine-devel@lists.alpinelinux.org>; Thu, 24 Mar 2016 13:34:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=coreos.com; s=google;
        h=from:mime-version:date:message-id:subject:to;
        bh=z9wCucx/kUeyHIIqaLxeTU53kyI3r8jGgv9ok5TzWU8=;
        b=cu+yG3C2LULqU3tKfYE8T4208IvX8XhgyIrNPNj1xSI6VIOtk2MYmRYn8g+K+1PI8C
         AWevNEiKF4OKnhnAy9hBPQ5VlqUiXqA9KSgiVjnDFi3AYKYIOYc4I48daY0wpwvgiAZN
         AOwGJ5RaNo/CGsunKL0IOhyrbSseMsNoirowQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:mime-version:date:message-id:subject:to;
        bh=z9wCucx/kUeyHIIqaLxeTU53kyI3r8jGgv9ok5TzWU8=;
        b=how1HhSNckJOV98wlYJuj1X/wCfXEZidoEHZ4t4GnrYReOaUEFksWi7PPTpqCc6gwZ
         ouAgEi7+5cyLxL8X4sRcQwfvUWz8axwc/EZzYrqH2+vX6CtYvgSIBLmgflqXhC9/+Zfg
         GsNjPLF74qSewsdmGTLlti4rn+D0bdXP38sFHCG4zEo+QVwYKQnQWjHzKOzvUF41Gh+N
         RGve0e4uO7zDpKOam3YxLGl937+3RF8SLoZGQy8oEGLAzLo9t6tprj5QarAwx5/0MI6c
         ZRAEYGB17KNa9JDYrqTlWebiQ40oVBWASOs036TfGS2lE+PFWrzqoLXPLVj1wV6+1uJi
         ohpA==
X-Gm-Message-State: AD7BkJLwNlR7n8gwmY3VTDsB6p/MKYxJ2RsF4PS17Ne394p8uU+MY3tHAjC9dxx1HYwZQUuiC+rAn7YRjKohgOjd
X-Received: by 10.25.15.162 with SMTP id 34mr4360492lfp.152.1458851683668;
 Thu, 24 Mar 2016 13:34:43 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with
 HTTPREST; Thu, 24 Mar 2016 16:34:43 -0400
From: Quentin Machu <quentin.machu@coreos.com>
X-Mailer: Airmail Beta (353)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Date: Thu, 24 Mar 2016 16:34:43 -0400
Message-ID: <CANtECw8gn93aiQ4qGoGcM3TJ4C6vLAK45cp62_nmHEL1usfg7A@mail.gmail.com>
Subject: [alpine-devel] Alpine security tracker
To: alpine-devel@lists.alpinelinux.org
Content-Type: multipart/alternative; boundary=001a113fa1ce62acb9052ed160ac
X-Virus-Scanned: ClamAV using ClamSMTP

--001a113fa1ce62acb9052ed160ac
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

My name=E2=80=99s Quentin Machu and I am the primary maintainer of Clair [1=
],  an
open source project for the static analysis of vulnerabilities in
containers, by CoreOS. The project, which aim at bringing security
awareness to everyone, recently went 1.0 [2] and is considerably well
received by the community.

As Alpine grows more and more popular, especially for containers to which
it becomes a really common base image, I believe that it would be extremely
valuable for Alpine to track vulnerabilities that may affect its packages.
Several Linux distributions, such as Debian [3][4], Ubuntu [5][6], RHEL
[7][8], Arch [9], already do through advisories and parsable databases.

Since the very beginning of Clair, the community has shown a significant
interest in being informed about the potential security flaws that may
threaten their Alpine-based containers [10].

[1]: https://github.com/coreos/clair

[2]: https://coreos.com/blog/clair-v1.html

[3]: https://www.debian.org/security/

[4]: https://security-tracker.debian.org/tracker/

[5]: http://www.ubuntu.com/usn/

[6]: https://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/

[7]: https://rhn.redhat.com/errata/

[8]: https://www.redhat.com/security/data/oval/

[9]: https://wiki.archlinux.org/index.php/CVE

[10]: https://github.com/coreos/clair/issues/12

Best Regards,
Quentin Machu

--001a113fa1ce62acb9052ed160ac
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style>=
</head><body style=3D"word-wrap:break-word"><div id=3D"bloop_customfont" st=
yle=3D"font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);mar=
gin:0px;line-height:auto"><span id=3D"docs-internal-guid-ace456fe-aa53-e543=
-11c7-c35f21ad4148"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt=
;margin-bottom:0pt"><span style=3D"font-size:13.333333333333332px;font-fami=
ly:Arial;background-color:transparent;vertical-align:baseline;white-space:p=
re-wrap">Hi,</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-=
top:0pt;margin-bottom:0pt"><span style=3D"font-size:13.333333333333332px;fo=
nt-family:Arial;background-color:transparent;vertical-align:baseline;white-=
space:pre-wrap">My name=E2=80=99s Quentin Machu and I am the primary mainta=
iner of Clair [1], </span><span style=3D"font-size:13.333333333333332px;fon=
t-family:Arial;vertical-align:baseline;white-space:pre-wrap">=C2=A0an open =
source project for the static analysis of vulnerabilities in containers, by=
 CoreOS. The project, which aim at bringing security awareness to everyone,=
 recently went 1.0 [2] and is considerably well received by the community.<=
/span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margi=
n-bottom:0pt"><span style=3D"font-size:13.333333333333332px;font-family:Ari=
al;vertical-align:baseline;white-space:pre-wrap">As Alpine grows more and m=
ore popular, especially for containers to which it becomes a really common =
base image, I believe that it would be extremely valuable for Alpine to tra=
ck vulnerabilities that may affect its packages. Several Linux distribution=
s, such as Debian [3][4], Ubuntu [5][6], RHEL [7][8], Arch [9], already do =
through advisories and parsable databases.</span></p><br><p dir=3D"ltr" sty=
le=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"fon=
t-size:13.333333333333332px;font-family:Arial;vertical-align:baseline;white=
-space:pre-wrap">Since the very beginning of Clair, the community has shown=
 a significant interest in being informed about the potential security flaw=
s that may threaten their Alpine-based containers [10].</span></p><br><p di=
r=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span=
 style=3D"font-size:13.333333333333332px;font-family:Arial;vertical-align:b=
aseline;white-space:pre-wrap">[1]: </span><a href=3D"https://github.com/cor=
eos/clair" style=3D"text-decoration:none"><span style=3D"font-size:13.33333=
3333333332px;font-family:Arial;color:rgb(0,0,0);background-color:transparen=
t;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">h=
ttps://github.com/coreos/clair</span></a></p><p dir=3D"ltr" style=3D"line-h=
eight:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:13.33=
3333333333332px;font-family:Arial;vertical-align:baseline;white-space:pre-w=
rap">[2]: </span><a href=3D"https://coreos.com/blog/clair-v1.html" style=3D=
"text-decoration:none"><span style=3D"font-size:13.333333333333332px;font-f=
amily:Arial;color:rgb(0,0,0);text-decoration:underline;vertical-align:basel=
ine;white-space:pre-wrap">https://coreos.com/blog/clair-v1.html</span></a><=
/p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0p=
t"><span style=3D"font-size:13.333333333333332px;font-family:Arial;vertical=
-align:baseline;white-space:pre-wrap">[3]: <a href=3D"https://www.debian.or=
g/security/">https://www.debian.org/security/</a></span></p><p dir=3D"ltr" =
style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"=
font-size:13.333333333333332px;font-family:Arial;vertical-align:baseline;wh=
ite-space:pre-wrap">[4]: </span><a href=3D"https://security-tracker.debian.=
org/tracker/" style=3D"text-decoration:none"><span style=3D"font-size:13.33=
3333333333332px;font-family:Arial;color:rgb(0,0,0);text-decoration:underlin=
e;vertical-align:baseline;white-space:pre-wrap">https://security-tracker.de=
bian.org/tracker/</span></a></p><p dir=3D"ltr" style=3D"line-height:1.38;ma=
rgin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:13.333333333333332=
px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">[5]: <a =
href=3D"http://www.ubuntu.com/usn/">http://www.ubuntu.com/usn/</a></span></=
p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt=
"><span style=3D"font-size:13.333333333333332px;font-family:Arial;vertical-=
align:baseline;white-space:pre-wrap">[6]: <a href=3D"https://bazaar.launchp=
ad.net/~ubuntu-security/ubuntu-cve-tracker/">https://bazaar.launchpad.net/~=
ubuntu-security/ubuntu-cve-tracker/</a></span></p><p dir=3D"ltr" style=3D"l=
ine-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:=
13.333333333333332px;font-family:Arial;vertical-align:baseline;white-space:=
pre-wrap">[7]: <a href=3D"https://rhn.redhat.com/errata/">https://rhn.redha=
t.com/errata/</a></span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin=
-top:0pt;margin-bottom:0pt"><span style=3D"font-size:13.333333333333332px;f=
ont-family:Arial;vertical-align:baseline;white-space:pre-wrap">[8]: <a href=
=3D"https://www.redhat.com/security/data/oval/">https://www.redhat.com/secu=
rity/data/oval/</a></span></p><p dir=3D"ltr" style=3D"line-height:1.38;marg=
in-top:0pt;margin-bottom:0pt"><span style=3D"font-size:13.333333333333332px=
;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">[9]: <a hr=
ef=3D"https://wiki.archlinux.org/index.php/CVE">https://wiki.archlinux.org/=
index.php/CVE</a></span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin=
-top:0pt;margin-bottom:0pt"><span style=3D"font-size:13.333333333333332px;f=
ont-family:Arial;vertical-align:baseline;white-space:pre-wrap">[10]: <a hre=
f=3D"https://github.com/coreos/clair/issues/12">https://github.com/coreos/c=
lair/issues/12</a></span></p><br></span></div><div class=3D"bloop_sign" id=
=3D"bloop_sign_1458851489131025152"><div style=3D"font-family:helvetica,ari=
al;font-size:13px">Best Regards,</div><div style=3D"font-family:helvetica,a=
rial;font-size:13px">Quentin Machu</div></div></body></html>

--001a113fa1ce62acb9052ed160ac--


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---