No one said anything about not using sourcecode, but the only source you get off the official website is 2.7 and no information about where to access any development repositories. So as long as you stick to official information, 2.7 is the most current you can get. I have no idea who is developing what in which repository and who's repository merges into official releases, so I write my patches against 2.7. I may look around at what other people are doing, but as long as it isn't an official beta or RC on the website, I'm not going to worry much about what people do in their repositories.Even if I know where it is (and probably most other people following the list) I suspect anyone that is considering using OSSEC in a production environment will want to stick with the stable releases found on the official website.That seems like a flaw in their process. If they refuse to use the source, why use open source?
smime.p7s
Description: S/MIME Cryptographic Signature
