Re: Bash security issue

On 2014-09-25 19:14 -0400, Shawn H Corey wrote:
> On Thu, 25 Sep 2014 09:53:14 -0600
> Eric Blake <eblake@xxxxxxxxxx> wrote:
> > Huh? There is no wasted effort in teaching configure scripts to warn
> > users that they are running on an unpatched vulnerable system.  Just
> > because a fix may be available doesn't mean everyone is running the
> > fix.
> 
> That's only a partial solution. The problem is with bash(1), not your
> scripts. If you warn about one security issue, then people will count
> on you to warn them about _all_ the security issues. People are lazy
> and will jump to conclusions to avoid work.

C compilers issue warnings for some buggy code, but nobody reasonably
expects them to warn about all possible bugs.

In this case, the bug implies a compatibility issue as well.  So it is
prudent to warn users that the configure script may not run correctly,
and that they should update their shells to a fixed version.

Cheers,
-- 
Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/)

_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf



