So Alpine Linux has a pretty serious set of vulnerabilities because

- It doesn’t download packages over TLS, making them prone to MitM. Which on its own isn’t terrible but it also...

- Doesn’t check hashes before extracting to root (!)

- And uses custom gzip code which is vulnerable to arbitrary code execution (!!)


@cypnk worth it to avoid richard stallman's crusty influence (GNU coreutils)


@lynnesbian @cypnk Not that he's anything to do with it...

Ironically some of the Alpine Linux devs that I've managed to stumble upon are pretty irrationally anti-Stallman themselves...
