Page MenuHomePhabricator

ask about Alpine Linux package manager security
Closed, WontfixPublic


At first sight it looks like alpine's package manager suffers from the same issues as gentoo's. (Being vulnerable to indefinite freeze and downgrade attacks.)

Ask Alpine Linux mailing list about this.

Event Timeline

Patrick claimed this task.
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Whonix 10, security, sponsor-B.
Patrick added a subscriber: Patrick.

The more I am considering to switch to other distributions, the more I am getting convinced, that moving away from Debian is not a good idea at this point. Debian provides so much that is difficult to get from another distribution. updated - Reasons for being based on Debian:

care to give any details about indefinite freeze and downgrade attacks that gentoo has?

Why do you think apk-tools has it too?

Too long ago... Trying to find this again...

Gentoo: downgrade attacks, source:

Might also contain some info:

You might be interested in this:

Rather, maybe also in this:

Alpine apk: