[Asterisk-Users] Broadvoice asterisk patch
Jay Milk
jay at skimmilk.net
Wed Nov 10 16:03:12 MST 2004
Why don't you make your disdain known to Broadvoice, rather than
Asterisk users? To claim that someone opens a security hole by
accepting a verified patch via email, is the same as claiming that you
never have a security hole just because you download from "trusted"
sites. Webservers can be hacked, you know. And not every
buffer-overflow will lead to a security issue -- many just crash the
system.
Could we please get back on topic?
> -----Original Message-----
> From: Michael Giagnocavo [mailto:mgg-digium at atrevido.net]
> Sent: Wednesday, November 10, 2004 4:14 PM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: RE: [Asterisk-Users] Broadvoice asterisk patch
>
>
> >I can confirm that the patch is legit. Olle wrote it up
> last week and
> >we have been testing the patch for several days. I have
> installed it on
> >all of my Asterisk boxes and it appears to do no harm.
>
> That's not the point. The point is distributing patches via
> email is a horrible way to do patches, and teaches users to
> "just trust what comes in the mail". It should be put on a
> site that's trusted and easily verified and a notice of that
> sent out. Even Microsoft has this down.
>
> -Michael
More information about the asterisk-users
mailing list