>> Don't bother with that, go straight to the source! >> http://packages.asterisk.org/ >> These get updated rather quickly. >> >> jlc > >+1 for this suggestion. > >Starting out it may be easier to pull packages from a repo if you're not familiar with building from source. BUT, in the long run, you'll need to learn it. When a security >vulnerability is fixed, you don't want to wait any longer than necessary for the package maintainer to get around to updating. Just grab the source and build. Also, the packages >don't always have all the functionality you may require (codecs, modules, etc). There are plenty of docs on how to do this as well as many helpful people on the Asterisk-Users >mailing list. You completely misunderstood my suggestion, and actually suggested something I learned a long time ago to never do:) The url as suggested by the name, *is* an rpm package repo. As I said, the packager gets these built with new releases and/or kernel updates very fast. Compiling software and bypassing the package mangler is always a risk for trouble down the road. Given the many deps Asterisk may require, its simpler to use this repo versus compiling. An aside as well, I see many people on this list always concerned with vulns and patches and always eager to simply `yum update`. FWIW, if the vuln doesn't affect you, it's not a vuln for *you*. You may not have the module installed/active or in my case, the internet facing exposure is limited to an VSP who I *very much* doubt would use my system to dial for free based on one of the recent vulns. I wouldn't panic about being at risk for vulns *just because* a vuln exists, it may not affect you. I had an Ast box running without a reboot or update in almost a year cuz I couldn't get the window. Its exposure was so highly minimized that it wasn't even a consideration. None of the updates pertaining to stability were ever applicable either to my best knowledge so I didn't worry... jlc