Faidon Liambotis wrote: > Granted, we have a very very bad record as maintainers of supporting > this security-wise but I think we can try to change that. I certainly > will try my best to provide you with patched versions to upload. > I haven't discuss this with the rest of the team yet but I think they > are willing of helping with this.
The main problem is that Asterisk is team maintained and nobody in the team (except you at the moment) seems to care about a save version of asterisk in stable and oldstable. The security team itself is not able to support the package on its own and thus has to depend on the respective maintainers. > I don't think that it serves our users to not provide security support > for asterisk, especially considering its popularity. The question is what is better: . stale version of Asterisk with local and remote vulnerabilities in Debian stable, OR . no version of Asterisk in Debian stable at all Moritz preference is the second. Regards, Joey -- WARNING: Do not execute! This call violates patent DE10108564. http://www.elug.de/projekte/patent-party/patente/DE10108564 wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/ Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]