I'm giong to get totally flamed for this but: Don't most major Open Source projects ask that patches be e-mailed to a dev mailing list? Isn't the only problem with this patch that they didn't include the mailing list because it was of no consequence to the majority of Asterisk users?
I can think of NO better way to distribute patches than in an open (both in terms of source and usage) manner. If you don't trust the vendor of the product, ask someone that you do trust. If you don't care enough to take care of security in your phone system you'll have to deal with the repurcussions. The bottom line is that this argument has gotten completely off any kind of productive discussion of why this is an issue that needs to be dealt with. I've read the patch (and I'm not a C genius, it's a brain-dead simple patch) and had a buddy verify that my thoughts were correct, took me almost (but not quite) as long as applying and update from Microsoft. In the end when I apply it, I KNOW what it did, even though it came in e-mail, instead of hoping that Microsoft has my best interest in mind. _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
