So Alpine Linux has a pretty serious set of vulnerabilities because

- It doesn’t download packages over TLS, making them prone to MitM. Which on its own isn’t terrible but it also...

- Doesn’t check hashes before extracting to root (!)

- And uses custom gzip code which is vulnerable to arbitrary code execution (!!)

justi.cz/security/2018/09/13/a

@cypnk

> If you use Alpine Linux in a production environment, you should 1. rebuild your images and 2. consider donating what you can to the developers. It seems like apk has one main developer who fixed this bug in less than a week. The lead maintainer of Alpine cut a new release shortly thereafter.

tfw your industry is locked in resource glut and labor starvation

@garbados The priorities are so completely screwed up and upside down in the tech industry, I’m seriously considering becoming a potato farmer

It would also be a better investment than Bitcoin since it shows inherent proof of work, is hacker proof, and delicious

@cypnk
Welp, now I'm trying to draw parallels between the future of bitcoins and the Irish famine of 1845.
@garbados
