
Alpine Linux 3.4.0 Released - xfiler
http://alpinelinux.org/posts/Alpine-3.4.0-released.html
======
trevorhartman
Awesome. I've been waiting for the DNS fix (along with everyone else) so I can
run it on Kubernetes.

I don't see a new Docker tag yet:
[https://hub.docker.com/r/library/alpine/tags/](https://hub.docker.com/r/library/alpine/tags/)
Anyone know when it's expected to hit? Edit: here's the issue tracking it
[https://github.com/gliderlabs/docker-
alpine/issues/178](https://github.com/gliderlabs/docker-alpine/issues/178)

~~~
trevorhartman
Docker image is up!
[https://hub.docker.com/r/library/alpine/tags/](https://hub.docker.com/r/library/alpine/tags/)

------
gbrown_
Anyone know how things are panning out after the grsecurity stopped making
their stable patch series freely available? There was a fourm post and message
on the mailing list a while but I've not been able to find anything more
recent.

~~~
geofft
How exactly are they doing this without either violating the GPL or failing to
keep their patches secret?

~~~
cyphar
My understanding is that they threaten to never give someone who distributes
their patches any more updates. While the GPL does not forbid this (it's a
contract you agreed to with the party), I'm fairly sure that such a contract
would be considered acting in bad faith (you're adding additional restrictions
through coercion rather than changing the license terms). I'm not a lawyer,
but I'd be surprised if such sneakiness hasn't already been deemed illegal by
the courts.

I'm also surprised nobody has asked the SFConservancy to take GRSecurity to
court over it. You'd think even Linus (who doesn't agree with the underlying
spirit of the GPL -- all software should be free) would have a problem with
"not getting patches back".

------
rdsubhas
> support for DNS search in /etc/resolv.conf

Big news. This was a huge blocker in containerized environments, now can't
wait to try this out. Great work!

~~~
eknkc
Yeah we could not use alpine based images on kubernetes all this time, should
work just fine now.

------
wonks
I see it uses busybox. Does this mean it's for low-spec instances and embedded
devices, or did they base it on busybox because shellshock only affected GNU
Bash and they felt the GNU tools couldn't be trusted anymore?

~~~
thawkins
It's used a lot as a guest os useland and init inside docker deployments,
becuase it's very small. This means you can run a lot of docker images in one
machine if you use alpine inside them, fully loaded alpine docker base is
about 8mb.

~~~
technion
The thing I've liked about this is that bloat isn't just about size.

If you have no reason to interact with the userland tools inside a Docker
container, you similarly have no reason to introduce their complexity and
attack surface in a container designed to run one service.

My current "minimal" installation shows 25 SUID binaries (a large amount of
them being systemd related...) and my server services need very few of these.

~~~
cyphar
If you're that concerned about bloat, you can use the scratch image to start
from a completely empty rootfs.

------
omginternets
I've dabbled with Alpine and been very impressed, but ultimately my team is
using a debian base image because we ran into occasional difficulties linking
against musl.

We still haven't hit any apparent bottlenecks using debian:jessie. Where are
said bottlenecks? Where should I be paying attention?

------
nivertech
Is there Alpine Linux AMIs for AWS and/or images for GCE?

~~~
justincormack
Not yet unfortunately that I know of. There are some oldish instructions for
AWS here
[https://wiki.alpinelinux.org/wiki/Install_Alpine_on_Amazon_E...](https://wiki.alpinelinux.org/wiki/Install_Alpine_on_Amazon_EC2)
and it was suggested that a community project might help build official cloud
images.

