Received: from mail.schafweide.org (mail.schafweide.org [IPv6:2a03:4000:6:b127::1]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id F0DDD225C51 for <~alpine/users@lists.alpinelinux.org>; Thu, 19 Sep 2024 19:35:55 +0000 (UTC) Received: from [IPV6:2a00:c380:e002:8240:7c8e:7022:2715:9fc] (unknown [IPv6:2a00:c380:e002:8240:7c8e:7022:2715:9fc]) by mail.schafweide.org (Postfix) with ESMTPSA id DCD65E4D9B50 for <~alpine/users@lists.alpinelinux.org>; Thu, 19 Sep 2024 21:35:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=schafweide.org; s=2007; t=1726774553; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yVM2EQkEz1L5srFEUATXncKiYxQ10JZVTilN52dOjgA=; b=GnvEhFByfGDS8nG4g1PPGn+uTYT5K5UBtvcjaSTx4dhry89kRDlrvAV3UjsHAGorPpQz6p m7j1OUUW5PyumMUoDp3RFSztGUWWEi7cJxVPQdu2CO7VdE8UiMHTAQoVNrHgTUSt89gSxt zZQbjs7lC7S0g++M8jbfKMKfSZI6Adk= Message-ID: <42ae97cb-f16a-4eeb-a519-d40de33bb631@schafweide.org> Date: Thu, 19 Sep 2024 21:35:53 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Discussion - Is Alpine Linux still a more secure Linux Distribution compared to its compatriots To: ~alpine/users@lists.alpinelinux.org References: Content-Language: de-DE, en-US From: Bjoern Franke In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, > One datapoint from my $dayjob... Alpine is used for container > instances because it has a small footprint, and it is best-in-class > with respect to vulnerability scanner results. I.e., it has the fewest > findings from known exploits. This is compared with other popular > distros like Debian and Ubuntu. > I'm surprised that this aspect wasn't mentioned earlier. Some time ago at $dayjob we compared the Nextcloud Docker images, the Debian based one and the Alpine based one, with trivy. I don't recall the numbers in detail any more, but while trivy found dozens of vulnerabilities in the Debian image, there were nearly 0 in the Alpine image. Several vulnerabilities didn't even have Debian Security Advisories assigned. Regards Bjoern