
ask about Alpine Linux package manager security
Closed, Wontfix (Public)

Description

At first sight it looks like Alpine's package manager suffers from the same issues as Gentoo's (being vulnerable to indefinite freeze and downgrade attacks).

TODO:
Ask Alpine Linux mailing list about this.

Event Timeline

Patrick created this task. Mar 3 2015, 7:22 PM
Patrick claimed this task.
Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick added projects: Whonix 10, security, sponsor-B.
Patrick added a subscriber: Patrick.
Patrick closed this task as Wontfix. Mar 8 2015, 7:51 PM

The more I consider switching to other distributions, the more I am convinced that moving away from Debian is not a good idea at this point. Debian provides so much that is difficult to get from another distribution. Updated: reasons for being based on Debian:
https://www.whonix.org/wiki/Dev/Operating_System#About_Debian

ncopa added a subscriber: ncopa. Jun 23 2015, 2:05 PM

Care to give any details about the indefinite freeze and downgrade attacks that Gentoo has?

Why do you think apk-tools has it too?

Too long ago... Trying to find this again...

Gentoo: downgrade attacks, source:

Might also contain some info:

You might be interested in this:

Rather, maybe also in this:

Alpine apk: