On Sat, 18 Aug 2007, Kilian Krause wrote: > > Comments? > > If the rest of pkg-voip developers agrees, i'll just put up a pseudo > RC-bug against asterisk to make sure it's not progressing into testing > anymore (and therefore not contained in stable release of Lenny and > newer).
Kilian, I don't agree with keeping asterisk out of lenny permanently, I think we should wait until closer to the lenny release and then make that decision. In the event that asterisk 1.4.x is stable and in maintenance fixes upstream, then I see no reason why it should be excluded from lenny. Asterisk 1.2.x is a different beast, and etch was released with the current asterisk 1.2.x then we could maintain, via upstream security releases. But etch was released with an early asterisk 1.2, and that is what we have to work with. I can see an argument for asterisk 1.2.x being removed from etch. We need to either: 1. Continue/ start to backporting security fixes from 1.2.x, or 2. Remove asterisk 1.2.x from etch, and/or 3. Track upstream 1.2.x security releases, via volatile or just direct our users to pkg-voip.buildserver.net for etch packages. For lenny, I recommend we get ftp-master to force the removal of asterisk 1.2.x, it FTBFS, it has vulnerabilities etc. In the meantime, I think it is suitable for asterisk 1.4 to migrate to lenny via unstable per the normal rules. As vulnerabilities are discovered we publish the fix into unstable and migrate according to the two/five day rules. Mark
signature.asc
Description: This is a digitally signed message part.