Freeswitch debian repository asking for username/password

[timerider]

Anyone else seeing the same:
https://files.freeswitch.org/repo/deb/ Asks for a username/password

Temporary, or? or?

Thanks
Steve

 

[timerider]

Just me then?

Also notice Buster (obsolete) added to the freeswitch pages...

Steve

 

[Adrian Fretwell]

It is asking for a password, no idea why.

 

[hfoster]

It's SignalWire wilding out again. They could be doing something useful like updating the documentation as that is seriously rotten now, but instead they go and force people to sign up for SignalWire accounts to download binaries instead of making the builds reproducible.

[Freeswitch-users] Problem with repository server?

Q: What is prompting this change?
A: We’re making this change for several reasons:
So the team that created and maintains FreeSWITCH can better understand and
communicate with our community.
So we can take what we learn and improve both FreeSWITCH and SignalWire.
So we can ensure that FreeSWITCH aligns with new security and regulatory
requirements.
So you can be confident that the packages you’re running in your stack come
directly from us.
So packages are much less likely to have been secretly modified by a
malicious actor.
So we can be sure that we’re not directly facilitating illegal use cases.

Q: What about the source code on GitHub?
A: This change does not affect open source code, which will continue to be
freely available on GitHub.

This does not in any way change the license to the software.

It may affect how you obtain FreeSWITCH dependencies or FreeSWITCH packages
from our package repositories such as our Debian repository.

Q: What does “packages” refer to? The commercial packages? The packages for
Debian etc.? Or the raw code/releases?
A: This refers to binary package repositories such as Debian repo.

If you have any further questions or concerns about this change, please
come to our Community Slack channel and let us know.

 

[Adrian Fretwell]

@hfoster Thankyou for the info.

 

[timerider]

I had a feeling it would be signalwire..

I only see this as something that will put off anyone new to freeswitch.

As for security as the excuse, I'm sure they are capable of securing their own repositories, it's up to us to secure our servers.

Source lists for binaries will need updated in /etc/apt/..

https://tokenname:token@files......

Though looks like we need a signed key too..

This actually seems worse than what happened with asterisk to put off developers etc.

I'll let others mess on with their slack to voice their opinions, hopefully they'll revert this before damage is done.

Gonna be a lot of not updated servers kicking about, that's not gonna look good on FS.

Steve

 

[Adrian Fretwell]

A number of VoIP projects seem to be on a mission to put off both contributors and customers these days. Still, no problems as yet with my two tin cans and length of string - can't seem to get conference calls to work though!