> Don't most major Open Source projects ask that patches be e-mailed to
> a dev mailing list? Isn't the only problem with this patch that they
> didn't include the mailing list because it was of no consequence to
> the majority of Asterisk users?
>
> I can think of NO better way to distribute patches than in an open
> (both in terms of source and usage) manner. If you don't trust the
> vendor of the product, ask someone that you do trust. If you don't
> care enough to take care of security in your phone system you'll have
> to deal with the repercussions.
>
> The bottom line is that this argument has gotten completely off any
> kind of productive discussion of why this is an issue that needs to be
> dealt with.

In retrospect (with perfect 20-20 hindsight), isn't the issue more of:

- shouldn't the distribution have been focused on escalating the patch
  into cvs and stable (since it is known that *'s sip support is not
  actually up to date in the first place)
- probably Olle & Steve sponsoring the patch to the list in some form
  different than email, as opposed to BV doing it (BV would still need
  to notify their customers since no one else knows which customers are
  actually using *.)
- maybe a better explanation of the problem impacting BV so that each of
  us could make an informed decision as to whether it applies to us (I'm
  not using nat; should I apply it? My re-registration occurs about every
  25 seconds now; why should I apply the patch and move to every 14
  seconds or whatever this patch is doing? Is the 25 seconds an issue for
  their equipment when 14 seconds is needed?)

There have been plenty of other examples over the past several months
where code changes to * were made for specific vendors/devices, and the
majority of those came through cvs head. Seems like that would have been
a much better approach.

BV has known this was a problem for a long time; why is it _now_
necessary to give their customers a five-day drop-dead ultimatum?

Personally, I don't like having to maintain individualized patches as it
adds time-consuming error-prone steps to maintaining * at some reasonable
currency.

Rich
