[asterisk-dev] Re: Security Through Obscurity
    Tzafrir Cohen 
    tzafrir.cohen at xorcom.com
       
    Mon Mar  5 03:51:46 MST 2007
    
    
  
On Mon, Mar 05, 2007 at 08:58:04PM +1100, Edwin Groothuis wrote:
> 
> The issue is there, the problem is in the field. The bad guys knew
> the moment you announced it, the good guys could have known it a
> little bit earlier if they were warned.
I figure that this was the original intention. But then some "solution
provider" decided he could help a few select customers of his and
alarmed the whole world.
> 
> 
> Digium has its policy with regarding to this, and I will respect
> them, but as you can see, I don't fully agree with it.
I figure that for many if not most people "upgrading to the latast stable 
version" is not practical: there are simply too many changes even 
between versions of 1.2 and upgrading is generally considered a non-safe 
step that requires testing.
I fully appreciate, though, Digium's efforts for backporting fixes to 
1.2 as well as 1.4.
-- 
               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
    
    
More information about the asterisk-dev
mailing list