It has come to the security team's attention that there are Docker images that make use of
It has also come to the security team's attention that end users and developers of these Docker images believe that
alpine-pkg-glibc is supported by the Alpine community in some way, which it obviously is not.
aports!24647 (closed) was a proposed update to
musl which blocks installation of the glibc packages provided by the
alpine-pkg-glibc project. The
alpine-pkg-glibc project may rebuild the
musl package with
abuild.conf if they wish to provide their own
musl package in their repo. We have concluded based on informal consensus to approach this as a documentation issue instead.
We may also wish to request the
alpine-pkg-glibc project rename itself in order to make it more clear to the community that it is NOT an officially blessed project of Alpine, but that is an issue for the council.
Thusly, there are two items referred:
Should we accept the proposed
- Should we refer the
alpine-glibcbranding issue to the council to follow up on?