Received: from mx0.riseup.net (mx0.riseup.net [198.252.153.6])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id A420D225C6B
	for <~alpine/users@lists.alpinelinux.org>; Thu, 19 Sep 2024 06:31:52 +0000 (UTC)
Received: from fews01-sea.riseup.net (fews01-sea-pn.riseup.net [10.0.1.109])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mx0.riseup.net (Postfix) with ESMTPS id 4X8QfG5Ykdz9vZQ;
	Thu, 19 Sep 2024 06:31:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
	t=1726727510; bh=vNwXWHC1n0cSBkGsRk3JvVaJKZwEuCXDFAaJCMq3EDE=;
	h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
	b=l6C+Cs+b9Mj7Fldqc939RNUdG/PAewzNSiJR3/XySYSrj7kUf8CMmK9DwkAk0ALzl
	 yEBs7B3FUqRn05ov34VVAFurSujg5a1XFBWoRawHbndDrp+4MbwtJOO9FVwvz/OLha
	 Z/RRf4f2hKqvb4K0aTLEGxpiEn7uMBuYfsKwL1pQ=
X-Riseup-User-ID: B6C062630ACF8BE49A4C0A7DDEA22A20B4F7221A78EF8F368AEC057793910682
Received: from [127.0.0.1] (localhost [127.0.0.1])
	 by fews01-sea.riseup.net (Postfix) with ESMTPSA id 4X8QfF6TPFzJn9d;
	Thu, 19 Sep 2024 06:31:49 +0000 (UTC)
Message-ID: <7a939fb0be5dcf4bc9501d7eb62fce306f84979b.camel@riseup.net>
Subject: Re: Discussion - Is Alpine Linux still a more secure Linux
 Distribution compared to its compatriots
From: Ralf Mardorf <ralf-mardorf@riseup.net>
To: kdmw.629@tuta.io
Cc: ~alpine/users <~alpine/users@lists.alpinelinux.org>
Date: Thu, 19 Sep 2024 08:31:47 +0200
In-Reply-To: <O77otH---B-9@tuta.io>
References: <O74GIpz--B-9@tuta.io>
	 <5ed4f8e4e4952161908a9d9f25aaf10283159264.camel@riseup.net>
	 <b2cd80332ea09b1d76825b78598c270debc72821.camel@riseup.net>
	 <a10bf73ab7d3fc9c1143159adf9821ab7e76b693.camel@riseup.net>
	 <O77otH---B-9@tuta.io>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

On Thu, 2024-09-19 at 07:48 +0200, kdmw.629@tuta.io wrote:
> And the decision to use Alpine Linux over say Debain/Fedora/Ubuntu is
> a good decision to make.

Doesn't it depend on the purpose?
How qualified or unskilled is the user?
What is the intended use? Server, Router, Desktop ...?
What exactly needs to be secured? Data, privacy, your health ...?
Who are you and who is the potential attacker?
Does it even matter what init system is used? If so, why?
Or to put it another way, is it better to use what most security teams
focus on, but probably also what most attackers focus on, or is it
better to use something that is under the development of a minority, but
perhaps less in the focus of attackers?
Some of these questions can be answered clearly, while others can only
be guessed at, which can unfortunately be completely wrong.

If you can install explosive charges in thousands of pagers, then you
can also install GPS trackers instead or in addition. So you can also
potentially track a pager.
And this reason, user, attacker chain is valid for everything, including
the choice of Linux distro.