[Bug 2133938] Re: Remove asterisk from Ubuntu release
Jeremy BĂcha
2133938 at bugs.launchpad.net
Fri Dec 5 12:38:53 UTC 2025
The Debian bug is extremely lengthy to read through. It's worthwhile to
read the first message. Message 215 from April shows some statistics
about CVEs from 2023-2024. Then maybe a quick look over messages after
that is sufficient to get caught up without having to handle the entire
discussion.
As long as nearly all the packaging work is being done by Jonas, it
looks unlikely for Jonas to be comfortable letting the package migrate
into Testing, which is a prerequisite for it to be included in either
Debian Backports or a future Debian stable release.
>From Ubuntu's perspective, asterisk still has so many CVEs and Security
Advisories, that it's my opinion that it is unsuitable for inclusion in
Ubuntu as long as no one is doing Ubuntu security updates for asterisk.
** Description changed:
Consider removing asterisk from Ubuntu release but leave in -proposed.
This would basically match what has been done in Debian 12 and 13 at the
request of the Debian Security Team. See the attached Debian bug. It
doesn't feel like Ubuntu Security is managing asterisk better than that.
https://tracker.debian.org/pkg/asterisk
If Archive Admins agree, they could keep this bug open as the block-
proposed bug.
Analysis
========
I don't think this _requires_ any other removals. In Debian, asterisk-espeak is not available in testing either.
$ reverse-depends src:asterisk
Reverse-Recommends
==================
* asterisk-prompt-fr-armelle (for asterisk)
$ reverse-depends -b src:asterisk
Reverse-Testsuite-Triggers
==========================
* asterisk-espeak (for asterisk)
* asterisk-espeak (for asterisk-config)
* dahdi-linux (for asterisk)
* dahdi-linux (for asterisk-dahdi)
+
+ There currently is not a Snap for Asterisk:
+ https://snapcraft.io/store?q=asterisk
** Description changed:
Consider removing asterisk from Ubuntu release but leave in -proposed.
This would basically match what has been done in Debian 12 and 13 at the
request of the Debian Security Team. See the attached Debian bug. It
doesn't feel like Ubuntu Security is managing asterisk better than that.
https://tracker.debian.org/pkg/asterisk
If Archive Admins agree, they could keep this bug open as the block-
- proposed bug.
+ proposed bug, after adding the block-proposed tag.
Analysis
========
I don't think this _requires_ any other removals. In Debian, asterisk-espeak is not available in testing either.
$ reverse-depends src:asterisk
Reverse-Recommends
==================
* asterisk-prompt-fr-armelle (for asterisk)
$ reverse-depends -b src:asterisk
Reverse-Testsuite-Triggers
==========================
* asterisk-espeak (for asterisk)
* asterisk-espeak (for asterisk-config)
* dahdi-linux (for asterisk)
* dahdi-linux (for asterisk-dahdi)
There currently is not a Snap for Asterisk:
https://snapcraft.io/store?q=asterisk
** Tags added: update-excuse
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2133938
Title:
Remove asterisk from Ubuntu release
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/2133938/+subscriptions
More information about the ubuntu-archive
mailing list