[asterisk-users] where is 1.4.12?

Steve Totaro stotaro at totarotechnologies.com
Thu Aug 30 11:17:40 CDT 2007


Agreed, unless the security vulnerability could allow calls to be made 
to premium rate service numbers that charge $500/min.  Obviously, you 
could have the telco block international (speaking as a person inside 
the US) dialing. 

Also, you have the disgruntled employee, ex-employee, or customer to 
worry about.

The old expression, "Don't fix it unless it is broke" does not hold true 
for some security exploits. 

"Don't fix it unless it is broke or it could break you and/or your 
bank." is more appropriate. 

Thanks,
Steve

shadowym wrote:
> Just IMHO but you shouldn't be doing regular updates on a phone system that
> is working well unless you are doing it to fix a specific problem.  It's a
> phone system not a server.  I mean security upgrades as well.  At least not
> until they have been out there for a considerable amount of time.  Yea I
> know Digium says "you should upgrade to fix this dangerous security hole
> immediately" sometimes but....again just IMHO......the odds of you having
> problems with an unpatched system from some new vulnerability are much lower
> than you messing something up by updating your system. 
>
> Once it's in production and working well, ultra conservative walking on egg
> shells second guessing any changes/updates you may be thinking about etc. is
> the way to go. 
>
> -----Original Message-----
> From: Matt [mailto:mhoppes at gmail.com] 
> Sent: Wednesday, August 29, 2007 6:48 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] where is 1.4.12?
>
> I guess that's my point.  I realize asterisk is open source and FREE,
> however, I wouldn't expect a commercial application to crash as often
> as I've seen asterisk go down.   Don't get me wrong (and we're kind of
> going way off topic here), I really like asterisk, have done some bug
> tracing.... but I don't possess any kind of programming know-how with
> C... so fixing bugs is out of my court.
>
> Again.. asterisk is an amazing product.  However, I guess what I'm
> saying is, I've seen one too many "security upgrades" take a system
> down because they induced new bugs.   Or a feature upgrade that causes
> things to be broken (we're talking simple dot upgrades like 1.2.6 to
> 1.2.7 or something like that).
>
> I guess my request is just that Digium maybe spend a little more time
> in QA before rolling a release out the door.   It's just annoying when
> you do what should be a dot upgrade, and find out  a feature that had
> worked just one dot below has now stopped working, or worse yet
> asterisk segfaults.    And when it's on a production system you can't
> just "keep trying and get traces".
>
> On 8/29/07, shadowym <shadowym at hotmail.com> wrote:
>> I have found the response to bug reports extremely impressive!  If something
>> happens and I spend a bit of time to get good information to post to
>> bugs.digium.com or put it in a bug thread that matches the problem I am
>> having the response often can be very quick and sometimes resolutions can
>> come within days or even hours.  Not just from Digium but 3rd party
>> individuals as well.  These are usually not trivial bugs either but often
>> very deep hard to reproduce bugs.
>>
>> I KNOW for a fact if I did have these problems with just about any other
>> commercial product (they all have problems, you just don't know about them
>> until they happen to you) out there I would be SOL or have to put in a lot
>> more effort/time to get things moving forward towards a solution.
>>
>> This is a VERY powerful advantage of Asterisk that should NOT be overlooked
>> IMHO.
>>
>> -----Original Message-----
>> From: Russell Bryant [mailto:russell at digium.com]
>> Sent: Wednesday, August 29, 2007 1:45 PM
>> To: Asterisk Users Mailing List - Non-Commercial Discussion
>> Subject: Re: [asterisk-users] where is 1.4.12?
>>
>> Matt wrote:
>>     
>>> Just to chime in.. we still have a few systems running 1.2.6 because
>>> of Digium's inability to fix bugs.     Every version of Asterisk we've
>>> ever tried has some sort of major bug that causes it to crash (it
>>> being Asterisk) after being up for some period of time, or something
>>> doesn't work right... then you'll have version X and version Y will
>>> come out as a security fix only, yet stuff is broken in Y that wasn't
>>> broken in X.
>>>       
>> "Digium's inability to fix bugs".  What a troll ...
>>
>> I'm sure you have never reported any of the issues you have experienced,
>> either.  We surely can't fix them if they aren't reported.
>>
>> --
>> Russell Bryant
>> Software Engineer
>> Digium, Inc.
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users