The Alpine Linux project is pleased to announce the immediate
availability of version 3.10.2 of its Alpine Linux operating system.

The full lists of changes can be found in the git
log[1] and gitlab[2].

[1]: http://git.alpinelinux.org/cgit/aports/log/?h=v3.10.2
[2]: https://gitlab.alpinelinux.org/alpine/aports/-/milestones/140

Git Shortlog
------------

Andy Postnikov (1):
      community/php7: security upgrade 7.3.8 - CVE-2019-11041 - CVE-2019-11041

Hi,

On Sun, 11 Aug 2019 14:29:50 -1000
Teppei Fukuda <knqyf263@gmail.com> wrote:

> Hi Copa,
> 
> My apologies for keeping asking you questions, but I have one more question.
> 
> When I've been following the recent security related commits of
> alpine/aports, I've noticed that you always write secfixes comment
> even if they were not backported fixes. Was this defined as a rule?

No, it was never an expressed or documented rule or request or

Hi,

On Mon, 5 Aug 2019 14:30:30 +0000
"Daniels, Hans-Joachim" <Hans-Joachim.Daniels@turck.com> wrote:

> > apine its a trademark ?  
> 
> Your last question left me puzzled. Somehow I can't imagine that the project name isn't protected.

I spoke with a lawyer in USA a couple of years ago about this. First,
"Linux" is already trademarked, so we can not trademark "Alpine Linux".
I haven't checked with "Alpine" but it would surprise me if it wasn't
already.

On Fri, 26 Jul 2019 11:15:33 -0400
"Drew DeVault" <sir@cmpwn.com> wrote:

> These changes have been implemented. If you were unable to send due your
> client being unable to send plaintext email, you should be able to send
> now. To support participants using plaintext-only mail clients, all HTML
> emails are required to be formatted as multipart/alternative with a
> text/plain part as well - however, nearly all mail clients will do this
> for you without any additional configuration.

Thank you for the work you have put into this and for responding quickly.

I would also like to kindly ask participants to use plain text whenever
possible.

Hi!

As you may have noticed the new mailing list blocks mails containing
HTML. This has caused some frustration and confusion.

I personally prefer plain text emails for various reasons, but at the
same time I think we should be forgiving to those who for some reason
cannot disable HTML emails. Blocking them to express their opinion is
worse than making it difficult or inconvenient for the recipient to
read it.

I would like everyone to know that we are working on solving this by
allowing emails with HTML and plain text in the alpine-user and
alpine-devel mailing lists.

On Wed, 24 Jul 2019 09:13:39 +0200
Olliver Schinagl <oliver+list@schinagl.nl> wrote:

> Hey Nathanael,

Hi!

 
> On 23-07-2019 21:29, Natanael Copa wrote:
> > On Tue, 23 Jul 2019 08:28:11 +0200
> > Olliver Schinagl <oliver+list@schinagl.nl> wrote:
> >   
> >> Hey list,
> >>

On Tue, 23 Jul 2019 08:28:11 +0200
Olliver Schinagl <oliver+list@schinagl.nl> wrote:

> Hey list,
> 
> over the past year or so, I've started to contribute to Alpine Linux's 
> aports, and have met various codestyles. To get to the bottom of what is 
> 'the' Alpine Linux codestyle, I came up empty handed, there is no 
> CODESTYLE.md, no search query that finds anything nor on the wiki.
> 
> Now of course, the document could be hiding out of plain site, and if 
> that is the case, other then saying 'make it findable', I appologize for 
> even bringing anything up here.

On Tue, 23 Jul 2019 17:54:40 +0900
Teppei Fukuda <knqyf263@gmail.com> wrote:

> Hi Carlo,
> 
> Yes, it is. However, alpine-secdb is database of backported fixes as
> README says.
> >It is not a complete database of all security issues in Alpine.  
> 
> I need a complete database of all security issues.

We currently don't have that. I do think we have much or maybe even
most of the needed data, but its spread.

On Tue, 23 Jul 2019 13:57:08 +0530
Ladar Levison <ladar@lavabit.com> wrote:

> Just wondering what the motivation behind commit
> 8d2a4e449d4e15ddcf41ab1aade94a83f6ed4308 ... which updates the default
> OpenSSH daemon config with 'AllowTcpForwarding no'. Was there a reason
> or specific attack vector the change is meant to mitigate? All I could
> find is a vague reference to bad passwords? It seems to me the two
> things are unrelated, as the port is still exposed if the machine has a
> public IP address. All this does is make it more difficult for an admin
> to setup an explicit port forwarding rule. All I could fine was this:
> 
> https://git.alpinelinux.org/aports/commit/?id=495bbd7fb1f07c23a1f2d47a071aa5519e08744c

On Tue, 23 Jul 2019 16:42:43 +0900
Teppei Fukuda <knqyf263@gmail.com> wrote:

> Hi Copa,
> 
> Thank you for the quick response! I will watch the issues of the
> aports repository.
> 
> By the way, I developed the crawler to save the vulnerability
> information of Alpine as JSON format like the following.
> Data: https://github.com/knqyf263/vuln-list/tree/master/alpine
> Program: https://github.com/knqyf263/vuln-list-update/tree/master/alpine

Oh, nice!