Description of problem:
Have been contacted by members of the RHEL & CentOS communities who are consumers of Asterisk in EPEL6. The problem statement is that Asterisk has outstanding security vulnerabilities fixed upstream, and a number of bug fixes also fixed upstream. There are BZs for some of these issues for some time now:
I have check for activity of the maintainer in bodhi and see recent activity for the same package in Fedora rawhide & F20 withing the past 30 days, but no action on EPEL6 for a about a year. I have also reached out to the maintainer myself asking if there is a reason the EPEL6 package has not been updated or should not be updated. So far (as of this writing) no response, so initiating "Policy_for_nonresponsive_package_maintainers" in the narrow scope of EPEL6.
I think it would be best if someone else took over the EPEL branches, as I no longer use Asterisk on CentOS/RHEL and have little motivation to maintain those branches.
I've released ownership of the EPEL6 branch.