<p dir="ltr"><br>
On Apr 4, 2014 10:31 AM, "R P Herrold" <<a href="mailto:herrold@owlriver.com">herrold@owlriver.com</a>> wrote:<br>
><br>
> On Fri, 4 Apr 2014, R P Herrold wrote:<br>
><br>
> Following on myself, this paper [1] touches on similar issues<br>
> which are uncovered in current Open Source crypto libraries<br>
> and tools<br>
><br>
> I know there was a comment in the JIRA [2] distrusting whether<br>
> enerprise vendors backport security fixes. I strongly<br>
> disagree with that view. Certainly the upstream of CentOS is<br>
> quite good about issuing prompt fixes which backport into a<br>
> stable API, and moving away from locally carried libraries is<br>
> a good way to get securitry updates, 'for free' into<br>
> FreeSwitch, compared to using old 'carried around' tarballs of<br>
> indeterminate security</p>
<p dir="ltr">It's also possibly a good way to get new bugs added to FS for free. Actually, that has been observed recently.</p>
<p dir="ltr">Nonetheless, we are moving to system libs in many cases.</p>
<p dir="ltr">To solve all of our problems, we would need a meta distribution that spans all operating systems and provides a dependency track for popular open source packages for not only Linux but Mac, Win32 etc. Since there is not such a thing afaik, we now must put more strain on the users of those env to find suitable depends.<br>
<br><br></p>
<p dir="ltr">> -- Russ herrold<br>
><br>
> [1] <a href="https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf">https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf</a><br>
> [2] <a href="https://jira.freeswitch.org/browse/FS-353">https://jira.freeswitch.org/browse/FS-353</a><br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-dev mailing list<br>
> <a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev">http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev">http://lists.freeswitch.org/mailman/options/freeswitch-dev</a><br>
> <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
</p>