Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 125672258C3 for <~alpine/users@lists.alpinelinux.org>; Wed, 18 Sep 2024 15:19:04 +0000 (UTC) Received: from fews01-sea.riseup.net (fews01-sea-pn.riseup.net [10.0.1.109]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx1.riseup.net (Postfix) with ESMTPS id 4X82P31JZ5zDqQV for <~alpine/users@lists.alpinelinux.org>; Wed, 18 Sep 2024 15:19:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1726672743; bh=PBanHK/ABS7z1fSPe8xTPNdx4HeH5FlVn3rQRnG1nT8=; h=Subject:From:To:Date:In-Reply-To:References:From; b=Ni6tHqnkblaZGf4Y57wgB13KH5cljp06jAPnhJmCdJSjLQOhx3ekFQp/b2YUdLU8r f78e8WRQzhmfryxFFLC28pmXZVM9ynPVSFzdM9IkW7tee+0+DWwVnXasMP8EQsIRRg 9w70QCilesJ9RwLQFYzvXL4ZvtWR++VGQG2Nx4hM= X-Riseup-User-ID: CD59811C432D71EAA3CDEB7C19F0550CAAD56CEA52BC85B1155077B8FA4E47C5 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews01-sea.riseup.net (Postfix) with ESMTPSA id 4X82P23wv6zJrX5 for <~alpine/users@lists.alpinelinux.org>; Wed, 18 Sep 2024 15:19:02 +0000 (UTC) Message-ID: Subject: Re: Discussion - Is Alpine Linux still a more secure Linux Distribution compared to its compatriots From: Ralf Mardorf To: ~alpine/users@lists.alpinelinux.org Date: Wed, 18 Sep 2024 17:18:59 +0200 In-Reply-To: <5ed4f8e4e4952161908a9d9f25aaf10283159264.camel@riseup.net> References: <5ed4f8e4e4952161908a9d9f25aaf10283159264.camel@riseup.net> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 PS On Wed, 2024-09-18 at 16:54 +0200, Ralf Mardorf wrote: > On Wed, 2024-09-18 at 15:38 +0200, kdmw.629@tuta.io=C2=A0wrote: > > Should Alpine be considered as more secure or equal secure compared > > to its peers like Debian, Ubuntu, Fedora, etc? ^^^^^^ It's important to understand the policy of a used distro, e.g. related to repository components. Ubuntu is an excellent example: "[snip] Main The main component contains applications that are free software [snip] and that the Ubuntu security and distribution team are willing to support. When you install software from the main component, you are assured that the software will come with security updates and that commercial technical support is available from Canonical. Restricted [snip] Please note that it may not be possible to provide complete support for this software because we are unable to fix the software ourselves [snip] Universe [snip] Canonical does not provide a guarantee of regular security updates for software in the universe component [snip] Multiverse The multiverse component [snip] is not supported and usually cannot be fixed or updated. Use it at your own risk. [snip]" - https://help.ubuntu.com/community/Repositories