I'm asking myself how secure Yunohost is and how we can verify/audit it.
Yunohost is not only the Yunohost system, it's also Debian (if you use Debian) and the web apps you install... So there are different projects involved, and each part of this "ecosystem" can be a single point of failure (you can have the latest version of Yunohost on a non-updated Debian with a security breach in it; or the web apps you use were not audited...)
Every part is "open source", so the code is auditable, and I hope it's done.
As a first step, I'd like to know if anyone uses some pentest tools (with Kali Linux, for example) to test their own Yunohost installation?
Personally, as I want to learn some pentest tools, it will be a good exercise.
I'm launching this thread in order to get some ideas, if some people want to help...