On 19/05/14 15:51, Moritz Mühlenhoff wrote: > On Fri, May 16, 2014 at 02:02:30PM +0200, Carlos Alberto Lopez Perez wrote: >> On 16/05/14 07:12, Moritz Muehlenhoff wrote: >>> Based on my experience with security support in oldstable and/or feedback >>> received from upstream or maintainers so far I would like to propose >>> to exempt the following source packages from security support in squeeze-lts: >>> >>> asterisk >> >> I'm interested in having Asterisk supported. >> >> Could you elaborate on what are the previous experiences or main >> problems that make you think that we shouldn't support it? > > Upstream support for the 1.6 branch ended some time ago and many of > the Asterisk security fixes in the past were rather intrusive to > backport. > Asterisk is also one of the few packages which has caused regressions > in security updates since the backports are rather complicated. > I have looked at the recent security patches, and you are right that some of them are quite intrusive. Back-porting them could require a significant effort or be error prone if you are not familiarized with the codebase (which I'm not). > Still, if you commit to keeping it up to date, we can certainly keep it. > I think that given the current status of affairs, better drop the support for it. I would rather invest my efforts in upgrading my Asterisk deployment. Hopefully for wheezy LTS we could support it, since the version on wheezy matches the one that upstream has picked as LTS. Regards.
Attachment:
signature.asc
Description: OpenPGP digital signature