Moving Asterisk into main

Brian J. Murrell brian at interlinx.bc.ca
Tue Jan 27 05:53:33 GMT 2009


On Tue, 13 Jan 2009 11:40:57 -0800, Kees Cook wrote:
> 
> On the other hand, it's not entirely ignored, either.

# apt-cache policy asterisk
asterisk:
  Installed: 1:1.4.17~dfsg-2ubuntu1
  Candidate: 1:1.4.17~dfsg-2ubuntu1
  Version table:
 *** 1:1.4.17~dfsg-2ubuntu1 0
        500 http://apt.interlinx.bc.ca hardy/universe Packages

IIRC, some pretty serious security bulletins have been released since 
that vintage.

> It has gotten
> attention, but it does depend on interested community members to do the
> patch hunting, backporting, and testing.

Indeed.

> Moving it to main doesn't solve the resource problem: someone still
> needs to do the updates, and resources are limited.  I would recommend
> creating a community of people that care about Asterisk, and getting
> involved with motu-swat[1] to do the patch hunting, backporting, and
> testing to go through the Security Update Procedures[2].

Good idea.  How does such a community usually get organized within the 
Ubuntu community?  Sure, somebody could just start a ML somewhere and 
hope that enough interested people find it, but surely there must some 
point of organization within Ubuntu to help kickstart this community.  
I'd be interested in being a member.

> Getting patches into the existing releases is the best way to solve
> this. Please see[2], we'd love the help.  :)  I use asterisk myself

Ditto.

> and
> have tended to hunt down patches for some of the more serious issues.

Ditto.  I suspect we are all treading the same paths and some community 
here could help reduce the duplication of effort.

b.





More information about the ubuntu-devel mailing list