[Asterisk-Users] Broadvoice asterisk patch

[Michael Giagnocavo]

>Don't most major Open Source projects ask that patches be e-mailed to
>a dev mailing list?  Isn't the only problem with this patch that they
>didn't include the mailing list because it was of no consequence to
>the majority of Asterisk users?

Well, I was not going to this thread, but if you're asking this, then there
are some things that aren't clear.

Mailing to a dev mailing list is different, since you're essentially saying
"Here's something we fixed. Check it out.". Emailing your customers and
saying "urgent red alert install this patch or we're gonna cut your service"
is a completely different thing (and with no link or anything to verify).
The issue is more about how a company is dealing with its clients, not how
open source developers deal with code. 

Another difference is that dev lists go to people who are at least thinking
that they are devs. Many customers are not devs. If I'm running Asterisk
cause it's cool, and I get an urgent message telling me to install a patch,
I'll do it since I don't want to have my service suspended. This is the same
social engineering attack that email viruses use. That's why a good company
won't send out binaries or harmful instructions in email.

As Linux and Asterisk get more broad exception, the level of people using it
will decrease. They might have had some reservations about blindly trusting
patches via email, but now we've seen that this is sometimes legitimate.
That sets a bad precedent for the future. Don't ASSume anything about your
customers.

-Michael