Moving Asterisk into main
Brian J. Murrell
brian at interlinx.bc.ca
Tue Jan 27 05:53:33 GMT 2009
On Tue, 13 Jan 2009 11:40:57 -0800, Kees Cook wrote:
>
> On the other hand, it's not entirely ignored, either.
# apt-cache policy asterisk
asterisk:
Installed: 1:1.4.17~dfsg-2ubuntu1
Candidate: 1:1.4.17~dfsg-2ubuntu1
Version table:
*** 1:1.4.17~dfsg-2ubuntu1 0
500 http://apt.interlinx.bc.ca hardy/universe Packages
IIRC, some pretty serious security bulletins have been released since
that vintage.
> It has gotten
> attention, but it does depend on interested community members to do the
> patch hunting, backporting, and testing.
Indeed.
> Moving it to main doesn't solve the resource problem: someone still
> needs to do the updates, and resources are limited. I would recommend
> creating a community of people that care about Asterisk, and getting
> involved with motu-swat[1] to do the patch hunting, backporting, and
> testing to go through the Security Update Procedures[2].
Good idea. How does such a community usually get organized within the
Ubuntu community? Sure, somebody could just start a ML somewhere and
hope that enough interested people find it, but surely there must some
point of organization within Ubuntu to help kickstart this community.
I'd be interested in being a member.
> Getting patches into the existing releases is the best way to solve
> this. Please see[2], we'd love the help. :) I use asterisk myself
Ditto.
> and
> have tended to hunt down patches for some of the more serious issues.
Ditto. I suspect we are all treading the same paths and some community
here could help reduce the duplication of effort.
b.
More information about the ubuntu-devel
mailing list