[Asterisk-Users] Broadvoice asterisk patch

Jay Milk jay at skimmilk.net
Wed Nov 10 16:03:12 MST 2004


Why don't you make your disdain known to Broadvoice, rather than
Asterisk users?  To claim that someone opens a security hole by
accepting a verified patch via email is the same as claiming that you
never have a security hole just because you download from "trusted"
sites.  Webservers can be hacked, you know.  And not every
buffer-overflow will lead to a security issue -- many just crash the
system.

Could we please get back on topic?

> -----Original Message-----
> From: Michael Giagnocavo [mailto:mgg-digium at atrevido.net]
> Sent: Wednesday, November 10, 2004 4:14 PM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: RE: [Asterisk-Users] Broadvoice asterisk patch
> 
> 
> >I can confirm that the patch is legit.  Olle wrote it up last week and
> >we have been testing the patch for several days.  I have installed it on
> >all of my Asterisk boxes and it appears to do no harm.
> 
> That's not the point. The point is distributing patches via
> email is a horrible way to do patches, and teaches users to 
> "just trust what comes in the mail". It should be put on a 
> site that's trusted and easily verified and a notice of that 
> sent out. Even Microsoft has this down. 
> 
> -Michael



