With the disclosure of the new bash bug (CVE-2014-6271, CVE-2014-7169), it seems timely to bring this up. Dan added dash to core/base around seven years ago [1], intending the eventually link /bin/sh to dash instead of bash. [1] https://mailman.archlinux.org/pipermail/arch-dev-public/2007-November/003053.html We didn't make the switch, supposedly due to the bashism in our scripts which had a #!/bin/sh shebang line? Seven years passed. Is there anything preventing us from making the switch from bash to dash as /bin/sh now? We can then have dash provide sh instead.
