Bash 5.0 released

Posted Jan 20, 2019 4:10 UTC (Sun) by pizza (subscriber, #46)
In reply to: Bash 5.0 released by Cyberax
Parent article: Bash 5.0 released

So you are saying that someone else might have to do some work at some unspecified time in the future? Stop the internets!

Meanwhile, this little statement is worth repeating:

"Bash is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details."

Bash 5.0 released

Posted Jan 20, 2019 4:13 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

> So you are saying that someone else might have to do some work at some unspecified time in the future? Stop the internets!
Yes. If you're building public infrastructure then you MUST plan for the future. Is it that difficult to understand?

Bash 5.0 released

Posted Jan 20, 2019 13:30 UTC (Sun) by pizza (subscriber, #46) [Link] (4 responses)

> Yes. If you're building public infrastructure then you MUST plan for the future. Is it that difficult to understand?

If *I* am building infrastructure, then *I* will make plans to handle "unspecified stuff going wrong"

What I don't do is expect other folks to do any (additional) unpaid work on behalf of my infrastructure, and I certainly don't denigrate the folks whose work I am already taking advantage of -- because, speaking personally about the Free Software I have released, I'm far more inclined to promptly help out folks that are respectful of the work I have already done, acknowledge that I owe them nothing, and who have not been publicly badmouthing me.

Is *that* so difficult to understand?

Bash 5.0 released

Posted Jan 20, 2019 20:41 UTC (Sun) by mjg59 (subscriber, #23239) [Link] (3 responses)

Two things that can simultaneously be true:

1) Chet's work is a great gift to the free software community and we have benefited hugely from it over decades

2) Over that time we've learned that there are ways to maintain software that make it easier for others to consume that work, contribute code back and identify and fix issues. Now that we're aware that there are better ways to do it, we're also aware of the additional costs imposed on consumers by not having a fine grained revision history. Overall people still seem to feel that the benefits provided by bash outweigh the drawbacks, but if it /were/ possible to convince Chet to change the way bash is maintained, life would still be better.

Bash 5.0 released

Posted Jan 20, 2019 22:30 UTC (Sun) by pizza (subscriber, #46) [Link]

> but if it /were/ possible to convince Chet to change the way bash is maintained, life would still be better.

No argument from me there!

...but whether or not it is possible to convince him to change his ways, denigrating him and his work is not the way to accomplish it.

Bash 5.0 released

Posted Jan 21, 2019 2:29 UTC (Mon) by pabs (subscriber, #43278) [Link] (1 responses)

Has anyone talked to Chet about changing to a more fine grained revision history before?

Bash 5.0 released

Posted Jan 21, 2019 6:32 UTC (Mon) by dualbus (guest, #129437) [Link]

The initial git migration was discussed here: http://lists.nongnu.org/archive/html/bug-bash/2011-11/msg...

And the only time I'm aware of it being brought up as a specific discussion topic is here: https://lists.gnu.org/archive/html/bug-bash/2015-03/msg00... (spoiler alert: I gave up really quickly on maintaining that mirror)

Bash 5.0 released

Posted Jan 20, 2019 11:13 UTC (Sun) by smurf (subscriber, #17840) [Link] (3 responses)

Yeah. We all know the boilerplate in those licenses. All programs have them. So does the kernel. So what?

The code is, effectively, less auditable and thus less secure when all you see is a sequence of tarballs. Chet appears not to care about any of that. His choice – but it confirms the decision to switch away from Bash which some (most?) distributions took, years ago, for performance/memory usage reasons.

Bash 5.0 released

Posted Jan 20, 2019 13:43 UTC (Sun) by pizza (subscriber, #46) [Link] (2 responses)

So you're saying that, somehow, "caveat emptor" doesn't apply here?

If Bash's development practices are somehow unacceptable to you, there are three ways to proceed. Convince its author to do what you want, fork it and do a better job, or switch to something "better". Either way it's going to cost you time, effort, and a non-trivial amount of hard currency.

(And yes, some distributions have switched away from bash for system scripts, primarily for reasons that have since been rendered irrelevant by systemd...)

Bash 5.0 released

Posted Jan 20, 2019 20:48 UTC (Sun) by smurf (subscriber, #17840) [Link] (1 responses)

No, I'm saying that c.e. applies to everything. Bash dash openssh kernel libreoffice windows msoffice – doesn't matter, they all say that, they only differ in how many words they use.

The difference is that most of these acknowledge that their code is used in security critical areas anyway, and have started to adapt their practices accordingly. Apparently, Chet has not. As I wrote, his choice, just as mine is to hack on any script I come across until it no longer says #!/bin/bash on top.

Bash 5.0 released

Posted Jan 21, 2019 6:40 UTC (Mon) by dualbus (guest, #129437) [Link]

> The difference is that most of these acknowledge that their code is used in security critical areas anyway, and have started to adapt their practices accordingly. Apparently, Chet has not. (...)

What does git have to do with security? I read the weekly change sets when they're pushed, and I have no trouble understanding what's being changed or why. Sure, it might not be the commit /style/ you prefer, but has little to do with the quality of the software, or its security characteristics.

Also, perhaps ask Chet to provide more detailed / specific commits instead of just assuming he doesn't want to?