Bug#435521: closed by Mark Purcell <msp at debian.org> (Re: Asterisk SIP DOS Vulnerability)

Martin Schulze joey at infodrom.org
Sat Aug 18 05:57:01 UTC 2007


Faidon Liambotis wrote:
> Granted, we have a very very bad record as maintainers of supporting
> this security-wise but I think we can try to change that. I certainly
> will try my best to provide you with patched versions to upload.
> I haven't discussed this with the rest of the team yet but I think they
> are willing to help with this.

The main problem is that Asterisk is team maintained and nobody in
the team (except you at the moment) seems to care about a safe version
of asterisk in stable and oldstable.  The security team itself is not
able to support the package on its own and thus has to depend on the
respective maintainers.

> I don't think that it serves our users to not provide security support
> for asterisk, especially considering its popularity.

The question is what is better:

 . stale version of Asterisk with local and remote vulnerabilities
   in Debian stable, OR

 . no version of Asterisk in Debian stable at all

Moritz's preference is the second.

Regards,

	Joey

-- 
WARNING: Do not execute!  This call violates patent DE10108564.
http://www.elug.de/projekte/patent-party/patente/DE10108564

wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/

Please always Cc to me when replying to me on the lists.



