Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id B2E5B225ABF
	for <~alpine/users@lists.alpinelinux.org>; Wed, 18 Sep 2024 14:54:06 +0000 (UTC)
Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mx1.riseup.net (Postfix) with ESMTPS id 4X81rD3ryHzDqCJ
	for <~alpine/users@lists.alpinelinux.org>; Wed, 18 Sep 2024 14:54:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
	t=1726671244; bh=NEHUugq823U0BBt969BqRfZzOA//etWrRqROYr13wrI=;
	h=Subject:From:To:Date:In-Reply-To:References:From;
	b=m2mvbiSQ7yHKGbMlTbbH39mOux2X2VcDIphih0xv22dkkZXV7xlj9I7rvG4bDdnd5
	 +5kjXJwdDVLS3tCqhlJEXPIZhS1r8p8qx7OytYr1umOmq5nV7PgBF7mvC+sK3zSyej
	 T+slnFNqxxPNiRpjM4mZR+Iur5Eic+9/LXRfu7Xk=
X-Riseup-User-ID: 1C287F53921642D5D1EA4DB73837B7ECA3B8BC241638E4D43B935206021F1719
Received: from [127.0.0.1] (localhost [127.0.0.1])
	 by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4X81rD0dQCzFvx3
	for <~alpine/users@lists.alpinelinux.org>; Wed, 18 Sep 2024 14:54:03 +0000 (UTC)
Message-ID: <5ed4f8e4e4952161908a9d9f25aaf10283159264.camel@riseup.net>
Subject: Re: Discussion - Is Alpine Linux still a more secure Linux
 Distribution compared to its compatriots
From: Ralf Mardorf <ralf-mardorf@riseup.net>
To: ~alpine/users@lists.alpinelinux.org
Date: Wed, 18 Sep 2024 16:54:00 +0200
In-Reply-To: <O74GIpz--B-9@tuta.io>
References: <O74GIpz--B-9@tuta.io>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

On Wed, 2024-09-18 at 15:38 +0200, kdmw.629@tuta.io wrote:
> Should Alpine be considered as more secure or equal secure compared to
> its peers like Debian, Ubuntu, Fedora, etc?

Hi,

security has almost nothing to do with the distribution used. Security
depends almost exclusively on the user. The best security measures that
a distribution may offer are of no use if the user uses them
incorrectly.

It also depends on what you want to protect, how and from whom.=20

I don't care much about security ( xhost + ;), since you can't get
anything from my computer (Arch Linux) for everyday private work or
destroy or make anything important inaccessible.

Apropos Arch Linux. I don't know how BlackArch compares to
https://www.kali.org/ .

"BlackArch Linux is an Arch Linux-based penetration testing distribution
for penetration testers and security researchers." - https://blackarch.org/

Consider attacking your own server to check for security flaws.

Or if you are a desktop computer user, consider just to learn, how to
avoid common mistakes, e.g. those related to OpenPGP usage.
Misconceptions related to TOR etc. ppp.

Update your machine from official repos of your distribution. Don't use
1000 containers, each for each single app, all with 1000 different
library versions of the same libraries, better use non-containerised
apps sharing a single version of each library.

Consider to either follow the security tracker of your distro and/or
install a helper. Arch Linux for example provides
https://gitlab.archlinux.org/archlinux/arch-audit .

Etc. ppp., it is pointless to give tips or even express opinions without
knowing what you want to protect, why and from whom.

Regards,
Ralf