Alpine + Vulnerabilities

Another day, another paged-by-CEO-at-midnight "patch-it-yesterday"-tier vulnerability I don't have to worry about because my servers run Alpine Linux.

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

(OpenBSD is similarly invulnerable)

Reasons not to run Alpine Linux in production:

• Short release cycle
• Lack of familiarity with the drawbacks
• Lack of familiarity with the workarounds for said drawbacks
• You've not heard of Alpine
• You're a systemd power user (if those exist)
• You want your OS to use more RAM and CPU for no reason

Seriously, Alpine continues to rock.

back to gemlog