I’ve seen some of the commentary about Sangoma and, at times, even about me personally. While I respect that free speech is part of any open-source community, I also want to take a moment to clarify our position on FreePBX. By way of Introduction I am Charles Salameh CEO of Sangoma. Hello everyone. Since my company and myself personally have been a source of alot of discussion i thought i might take a moment to let you hear from me on my views on FreePBX. Sangoma has undertaken an incredible transformation from the state it was in a few years ago. I now better understand the strengths and opportunities available to us and the company is in a much stronger position with a much clearer focus.
FreePBX is not just another project for Sangoma—it is a fundamental part of our DNA. We believe in FreePBX, we support FreePBX, and we continue to invest in its future. Our stewardship of both Asterisk and FreePBX is not just about maintaining code; it’s about ensuring the long-term health and innovation of these open-source projects that so many businesses and developers rely on.
As a 35-year veteran in communications, starting my career as a cabling engineer at Bell Canada, I know voice and the power of communications. I’ve seen first hand how strong, open, and innovative telecom solutions can transform businesses and empower people, and that’s exactly what FreePBX does.
Sangoma has a long history of supporting open-source communications, and we remain fully committed to FreePBX as a core component of our technology ecosystem. We know that our success, and the success of the broader community, depends on maintaining the openness, flexibility, and innovation that FreePBX provides.
We will continue to engage with the community, enhance the platform, and ensure that FreePBX remains a powerful, accessible tool for businesses of all sizes. Our commitment is clear: FreePBX is here to stay, and Sangoma will continue to be its strongest advocate and steward.
I’d love to share Sangoma’s Innovation Foundry strategy and showcase how the developer community can actively participate and grow with us. We’ve built an industry-focused, essential communication platform ( Hybrid, Prem and Cloud)—one that thrives on collaboration, innovation, and open-source contributions. I believe the $3.3B Prem markets are wide open for us to jump in and we are seeing more demand in this space given recent moves in the industry.
At Sangoma, we believe that the best innovations come from a thriving community in collaboration with our own engineering teams. Whether you’re an independent developer, an open-source contributor, or part of a tech-driven enterprise, there are now more opportunities than ever to engage with our platform, shape its evolution, and bring new solutions to market. I recognize the past 18 months may not have been ideal given the significant transformations we had to undertake - but we would like to move forward in a more engaged manner balancing the needs of the community and the those of the company supporting it.
Actions speak louder than words. I look forward to seeing this and hoping for a more pleasant engagement with the community-- as well as Sangoma re-engaging with others in the world of open source RTC.
Fred, yes action are always better… thanks. Your ideas on creating mutually beneficial engagements/actions with the world of open source are welcomed. We are a community and hearing real ideas that help the community and the company are helpful to all. Share away on actions you think would fit that model.
Hi @csalameh, Nice to meet you! Better late than never that the current CEO of Sangoma, introduces himself to the FreePBX community. In reading your post, I do just want to make sure that these are your original own words and thoughts. As the Open Source Solutions Advocate@penguinpbx has recently pointed out, the use of LLM and AI Tools in composing posts, must be cited. Negligence may result in being banned. Here is his response; cited, informing the community:
Thank you. I have shared some ideas publicly over time. Looking forward to seeing the actions that you and Sangoma undertake. Thank you again. I have a deep affection for this community and remain hopeful for the future.
Hi @csalameh
You could start by explaining why Sangoma forces people to buy commercial modules to secure chanspy (PIN - not just disabling by default), why people are forced to buy commercial module for 2FA - the sort of thing that is common on just about every website and moving that way with other cloud/on-prem systems at no additional cost.
It seems Security does not fit in with your companies plans unless paid for.
Yes there are manual fixes for chanspy that does not trigger dashboard alarms, modifying to use private 2FA set off all kinds of warnings and errors, and will likely be over-wrote upon core update, when it was totted, many in the community I’m sure were relieved and thankful, I wont pretend to speak for others, but I at least was dismayed at the decision to make it a paid option, crazy, unheard of, an OSS making 2FA available only if you want to pay for it.
As one who’s run businesses for decades, I know you’re not a charity, but you took on open source, you should act like open source devs and place security above all else, and not at a cost-only thing.
It’s no different with the OpenVPN project - there are no freely available 2FA OpenVPN clients. Yes, you can say that distribution of a key is “the second factor” but that does not signal to the end user running an OpenVPN client that they are MFA the way that a hook into - say - Google’s Authenticator app on a cell phone does.
One thing I will point out with security, is that there’s really a fundamental difference between a FreePBX system that is exposed to the Internet and once that is safely blocked from the Internet and away from prying eyes. 2FA is not required for the second type. In fact, keeping the second type of PBX updated is not required, either. There are people still running antique FreePBX systems that have never been updated for 10 years and are still chugging along - precisely because those systems have no exposure to the numerous bad guys on the Internet.
Those who expose their PBX on the Internet which requires 2FA, are required to continually apply security patches - and Sangoma is thus continually required to fix security holes that are discovered by those numerous bad guys.
Thus the support burden for a FreePBX release that is used in that kind of environment is far higher than the support burden for one that is safely tucked away from trouble.
Isn’t it fair for those people like you who choose to put their PBX on the Internet - and thus need constant development attention in the form of patching security holes - to have to pay something? You could always use firewalls and not expose your PBX and thus not worry about security patching it - and thus not be constantly demanding that Sangoma fix the latest cross-linked-plastic-turn-yourself-inside-out vulnerability that the Chinese PRC military has devised last week. Then you wouldn’t need 2FA or all this security you say is so important and Sangoma could put dev time into adding features instead of playing cat-and-mouse with the Russian hackers.
And what is considered “safely blocked”? No access to the Internet at all? Behind a firewall? Because both can apply in this situation.
These would be system still using TDM such as a PRI to connect back to the PSTN? Because if they are using an OTT SIP provider, they are on the Internet.
I’m curious, based on your view points, do you consult and/or install/manage/support PBX systems for clients?
FreePBX is a neat, functional configuration GUI for Asterisk, and it provides most common functionality by building useable dial-plans.
However, there has always been a disconnect between Sangoma and the partners (yes, we are one) and the community as a whole. For several months towards the end of last year I was unable to find anyone at Sangoma to discuss a client, and the bug tracker is a little top heavy and could use some more resource.
That being said, you’ve not done a bad job really, and I will continue to contribute time and code because I too believe in the project, and the Asterisk ecosystem.
