Am 02.10.2014 um 22:45 schrieb Rahul Sundaram: > On Thu, Oct 2, 2014 at 11:57 AM, Reindl Harald wrote: > > because the conclusion that dash is not vulerable for > other things is invalid > > > I am afraid there was no such conclusions. To acknowledge known bugs in bash > doesn't require anyone to conclude that dash doesn't have bugs then that paragraph refer to Shellshock was not really appropriate without make really clear that this is not a panic reaction in context of already fixed bash bugs it's sadly a common reaction if somewhere critical bugs where fixed try to migrate to something else instead take a breath and consider that the currently used one has now more focus than ever before and got more attention from security specialists while the suggested replacement might not > Since the recent Shellshock aka Bashdoor vulnerability, there have been some discussions about more distributions > switching over (http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering whether it is worth > considering for Fedora? FWIW, both dash and mksh is already packaged in Fedora. as already said: also don't forget that currently a lot of people look into bash in security context because of the things happened short ago and it's wide use besides that the known issues are fixed it could go easily in the wrong direction switch to something different which may also have it's own issues nobody cared until now and has less focus in security context than bash now has
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
