Page MenuHomePhabricator
Create Task
Maniphest T212

ask about Alpine Linux package manager security
Closed, WontfixPublic
Actions

Description

At first sight it looks like alpine's package manager suffers from the same issues as gentoo's. (Being vulnerable to indefinite freeze and downgrade attacks.)

TODO:
Ask Alpine Linux mailing list about this.

Event Timeline

Patrick created this task.Mar 3 2015, 6:22 PM
Patrick claimed this task.
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Whonix 10, security, sponsor-B.
Patrick added a subscriber: Patrick.
Herald added a project: Whonix. · View Herald TranscriptMar 3 2015, 6:22 PM
Herald added subscribers: troubadour, WhonixQubes. · View Herald Transcript
Patrick closed this task as Wontfix.Mar 8 2015, 6:51 PM

The more I am considering to switch to other distributions, the more I am getting convinced, that moving away from Debian is not a good idea at this point. Debian provides so much that is difficult to get from another distribution. updated - Reasons for being based on Debian:
https://www.whonix.org/wiki/Dev/Operating_System#About_Debian

ncopa added a subscriber: ncopa.Jun 23 2015, 12:05 PM

care to give any details about indefinite freeze and downgrade attacks that gentoo has?

Why do you think apk-tools has it too?

Patrick added a comment.Jun 23 2015, 2:59 PM

Too long ago... Trying to find this again...

Gentoo: downgrade attacks, source:

Might also contain some info:

You might be interested in this:

Rather, maybe also in this:

Alpine apk:

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer