Open ventz opened 4 years ago
They did. You are welcome to use my branch, if you like but I'm not wasting my time dealing with the inane nonsense there anymore.
https://github.com/tcely/aports/commit/3048daa1f03bb042413f44ccf54a889990a86e40
I have built packages from this on edge on dockerhub.
docker pull tcely/alpine-aports:builder-bind
I am hitting the same point. I emailed Natanael a few days back btw as a heads up.
Are you planning on maintaining the package + alpine edge port going forward on your own? (I don’t mind doing the same for bind/contributing if you don’t have time.)
I am not sure what is going on with alpine (growing/ops pains under docker?), but I’ve noticed that security is not a priority. I really like the small and light footprint, but the package security really worries me. Considering going back to Ubuntu, which patches within 24-48 hrs, and is 78 MB at this point. While thats not 5-6 MB, the security tradeoff is starting to be worth it.
I'm currently using bind
in docker for a few services I rely on so I'll update that as I get around to it. There are no promises though.
Had I gotten the cooperation I was hoping for, I would have moved master
and edge
to 9.16
by now. That's the next ESV according to ISC.
My biggest regret was that 3.x
moved away from ESV too soon.
Quick question: I see that these are fixed in 9.14.12, which is now shipped by Alpine in 3.12. Would you be open to a pull request to get this version bump into the docker image?
Reporting two vulnerabilities - both are High severity and exploitable Remotely
and
@tcely ping. I think the alpine project moved to Gitlab a while back.