[asterisk-dev] Asterisk Release Schedule
tlesher at digium.com
Fri Oct 9 18:04:48 CDT 2009
On Friday 09 October 2009 02:19:24 Johan Wilfer wrote:
> For some time ago there was a lot of talk about the Asterisk code base
> changing to fast, to much. Despite the sometimes harsh words we have
> seen many compatibility-options since then making it a lot easier to
> upgrade between release series.
> In light of this I would suggest adding a year or two to the EOL of the
> release series, stretching the period when only security issues are
> fixed. For example look at 1.2 that have spend approx 3 years that way
> when end-of-life is reached.
> The point is - how much work is involved in making these security fixes?
> I this this would make those users who hire an asterisk-consultant very
> happy... Could this be done with a resonable efort?
Quite a lot, actually. Asterisk 1.2 varies dramatically from 1.4 (much more
than the differences between, say, 1.4 and 1.6.0) and so it's a PITA to
backport security fixes to 1.2 most of the time. Usually, it requires
rewriting the patch from scratch. It might be possible, however, to extend
the security periods of LTS releases. How far, I don't know, but we can have
that discussion (probably at Astricon next week).
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-dev