[asterisk-dev] Re: Security Through Obscurity
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Mar 5 03:51:46 MST 2007
On Mon, Mar 05, 2007 at 08:58:04PM +1100, Edwin Groothuis wrote:
>
> The issue is there, the problem is in the field. The bad guys knew
> the moment you announced it, the good guys could have known it a
> little bit earlier if they were warned.
I figure that this was the original intention. But then some "solution
provider" decided he could help a few select customers of his and
alarmed the whole world.
>
>
> Digium has its policy with regarding to this, and I will respect
> them, but as you can see, I don't fully agree with it.
I figure that for many if not most people "upgrading to the latast stable
version" is not practical: there are simply too many changes even
between versions of 1.2 and upgrading is generally considered a non-safe
step that requires testing.
I fully appreciate, though, Digium's efforts for backporting fixes to
1.2 as well as 1.4.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir at jabber.org
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev
mailing list