> The external modules might be problematic since their versions are > only tied to major Asterisk releases.
Upps. Did not know that. However, that part does not work in FreeBSD at all. And I do not use it in Ubuntu either. Consequently, it does nobody prevent to secure those other parts. As long-term solution, one could use signed downloads for those external modules, and place a common public key into the tarball. That would raise the dependencies only of the external modules (to OpenPGP [1] or OpenSSL [2] for example). Even that could stay optional for the curious. [1] <http://stackoverflow.com/q/30699989> [2] <http://www.bradfordembedded.com/2016/06/openssl-file-signing> -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev