On Fri, May 09, 2008 at 11:50:59AM -0400, Drew Gibson wrote: > equis software wrote: > > Hi, I allways use Gentoo y my Asterisk servers and work well, but what > > do you think about to use Ubuntu or another distibution?? > > > > Thanks > > I have run Asterisk on several Fedora versions, Debian, Unslung (on the > NSLU2 or "Slug") and recently Ubuntu. My most critical servers are on > Debian and new ones will be on Ubuntu LTS. > > I have had very few OS specific issues. I have always built from source > except on the Slug but I noticed that Ubuntu has it in the apt > repository which would be a great convenience if you are new to Linux or > manage a lot of servers.
Now that you mention it, are packages of that distribution really maintained? The recent volnurability of AST-2008-006 is a good test case for that. If affects both 1.2 and 1.4 . The annoncement by Digium: http://downloads.digium.com/pub/asa/AST-2008-006.html As with the previous ones, the text is quite clear about the fix. "backporting" that patch to a slightly older version is not that tricky (and it is something that a distribution package maintainer is used to doing anyway). So what about updates? The LWN page for this advisory only lists Fedora and Debian: http://lwn.net/Articles/280318/ Response ime in both was quite reasonable. LWN also tracks adsisories from various other distributions. You can see the list in http://lwn.net/Alerts/ . The following other distributions have 'asterisk' packages: * Gentoo * Mandriva (??? - probably only in contrib and is unsupported) * rPath (Not sure. See below about AstriskNOW) * SUSE * Ubuntu (the package is in 'universe', and not officially supported) The issue is listed as corrected in AsteriskNOW 1.0.3, but the latest version available for download is 1.0.2 . If I read rpath's repository page correctly, then the most recently released version of Asterisk is 1.4.17-2 , from Feb-2008 and thus does not contain this fix. To see the versions of packages i Ubuntu: http://packages.ubuntu.com/asterisk As you can see, both Hardy and the development distribution (Interpid) include the same version of the package. As you can see from following the changelog link: http://changelogs.ubuntu.com/changelogs/pool/universe/a/asterisk/asterisk_1.4.17~dfsg-2ubuntu1/changelog The security issues of 1.4.18.1 were backported to that 1.4.17 package. But nothing about the recent advisory. The Gentoo port is basically where the Ubuntu package is: missing only the last one: http://packages.gentoo.org/package/asterisk The FreeBSD port has not been updated yet. It is still at 1.4.18, and no sign of backported fixes: http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/asterisk/ OpenBSD port was updated pretty fast (by upgrading to asterisk 1.4.19.1) http://www.openbsd.org/cgi-bin/cvsweb/ports/telephony/asterisk/ I don't know where to look for in other distributions. -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users