Joseph L. Casale wrote: >>> Don't bother with that, go straight to the source! >>> http://packages.asterisk.org/ >>> These get updated rather quickly. >>> >>> jlc >>> >> +1 for this suggestion. >> >> Starting out it may be easier to pull packages from a repo if you're not familiar with building from source. BUT, in the long run, you'll need to learn it. When a security >vulnerability is fixed, you don't want to wait any longer than necessary for the package maintainer to get around to updating. Just grab the source and build. Also, the packages >don't always have all the functionality you may require (codecs, modules, etc). There are plenty of docs on how to do this as well as many helpful people on the Asterisk-Users >mailing list. >> > > You completely misunderstood my suggestion, and actually suggested something I > learned a long time ago to never do:) > > The url as suggested by the name, *is* an rpm package repo. As I said, the > packager gets these built with new releases and/or kernel updates very fast. > > Compiling software and bypassing the package mangler is always a risk for > trouble down the road. Given the many deps Asterisk may require, its simpler > to use this repo versus compiling. > > An aside as well, I see many people on this list always concerned with vulns > and patches and always eager to simply `yum update`. FWIW, if the vuln doesn't > affect you, it's not a vuln for *you*. You may not have the module installed/active > or in my case, the internet facing exposure is limited to an VSP who I *very much* > doubt would use my system to dial for free based on one of the recent vulns. > > I wouldn't panic about being at risk for vulns *just because* a vuln exists, it > may not affect you. I had an Ast box running without a reboot or update in almost > a year cuz I couldn't get the window. Its exposure was so highly minimized that > it wasn't even a consideration. None of the updates pertaining to stability were > ever applicable either to my best knowledge so I didn't worry... > > jlc > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > I have a dedicated * CentOS box that shows today as uptime 543 days. I built from scratch as I needed to support a four port analog trunk card. This does not have internet access as I'm running it like an old fashioned PABX - just with great sip / linux based snom desk phones and all the attendant wiz-bang super stuff that * provides. I do want to do an update of it all to latest versions etc. but when it just keeps working it is hard to justify the down time and potential hic-ups. HTH Rob -------------- next part -------------- A non-text attachment was scrubbed... Name: rkampen.vcf Type: text/x-vcard Size: 121 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20090930/b77309d2/attachment-0005.vcf>