Why don't you make your disdain known to Broadvoice, rather than Asterisk users? To claim that someone opens a security hole by accepting a verified patch via email, is the same as claiming that you never have a security hole just because you download from "trusted" sites. Webservers can be hacked, you know. And not every buffer-overflow will lead to a security issue -- many just crash the system.
Could we please get back on topic? > -----Original Message----- > From: Michael Giagnocavo [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 10, 2004 4:14 PM > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: RE: [Asterisk-Users] Broadvoice asterisk patch > > > >I can confirm that the patch is legit. Olle wrote it up > last week and > >we have been testing the patch for several days. I have > installed it on > >all of my Asterisk boxes and it appears to do no harm. > > That's not the point. The point is distributing patches via > email is a horrible way to do patches, and teaches users to > "just trust what comes in the mail". It should be put on a > site that's trusted and easily verified and a notice of that > sent out. Even Microsoft has this down. > > -Michael _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
