I would like to get information that important package updates occured (e.g. connected with security updates) - so that I know, that I need to rebuild my Alpine-based images with apps.
It could be sth similar to Debian's https://www.debian.org/security/ with the list DSA https://lists.debian.org/debian-security-announce/ .
There are some mailing lists for Alpine https://lists.alpinelinux.org/lists/%7Ealpine , but they seem not sufficient for my use case (e.g. https://lists.alpinelinux.org/~alpine/announce has only info about OS releases).
Is there anything like that? Or: Is there any other procedure to keep Alpine-based systems secure?
Didn't found nothing fancy like Debian's security page, but you might have a look into this: https://git.alpinelinux.org/aports/log/?h=v3.10.3
The security fixes appear on the log message, might be possible to track it by that.
This matter was discussed these days at alpine/users group here So for now the best and acceptable for me option is to use the RSS feed. The RSS feed is with info about closed Security issues.
RSS: https://gitlab.alpinelinux.org/alpine/aports/issues.atom?state=closed&label_name%5B%5D=T-Security
List of issues in GitLab: https://gitlab.alpinelinux.org/alpine/aports/issues?state=closed&label_name%5B%5D=T-Security
So you can get notified about new SecFixes and decide if you need to rebuild your images. You can use rss2email to be notified via e-mail.