hi i recently discovered this on accident with no respones from alpine developers
a package maintianer goes by name "omni" who has special interest in tor and cryptographic packages has been pushing advanced rootkits into packages.
tor package for example uses the same package tor to do communcation
i contacted alpine developers with everything and they are simply unresponsive
please execerice caution most of his packages are in 'community' repo however some packages are also in 'main'