[Freeswitch-dev] VoIP Security

Anthony Minessale anthony.minessale at gmail.com
Sat Apr 5 23:31:30 MSD 2014


On Apr 4, 2014 10:31 AM, "R P Herrold" <herrold at owlriver.com> wrote:
>
> On Fri, 4 Apr 2014, R P Herrold wrote:
>
> Following on myself, this paper [1] touches on similar issues
> which are uncovered in current Open Source crypto libraries
> and tools
>
> I know there was a comment in the JIRA [2] distrusting whether
> enerprise vendors backport security fixes.  I strongly
> disagree with that view.  Certainly the upstream of CentOS is
> quite good about issuing prompt fixes which backport into a
> stable API, and moving away from locally carried libraries is
> a good way to get securitry updates, 'for free' into
> FreeSwitch, compared to using old 'carried around' tarballs of
> indeterminate security

It's also possibly a good way to get new bugs added to FS for free.
Actually, that has been observed recently.

Nonetheless, we are moving to system libs in many cases.

To solve all of our problems, we would need a meta distribution that spans
all operating systems and provides a dependency track for popular open
source packages for not only Linux but Mac, Win32 etc.  Since there is not
such a thing afaik,  we now must put more strain on the users of those env
to find suitable depends.


> -- Russ herrold
>
> [1] https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
> [2] https://jira.freeswitch.org/browse/FS-353
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-dev mailing list
> FreeSWITCH-dev at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20140405/c38887c8/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-dev mailing list