Bash 5.0 released
Bash 5.0 released
Posted Jan 20, 2019 11:13 UTC (Sun) by smurf (subscriber, #17840)In reply to: Bash 5.0 released by pizza
Parent article: Bash 5.0 released
The code is, effectively, less auditable and thus less secure when all you see is a sequence of tarballs. Chet appears not to care about any of that. His choice – but it confirms the decision to switch away from Bash which some (most?) distributions took, years ago, for performance/memory usage reasons.
Posted Jan 20, 2019 13:43 UTC (Sun)
by pizza (subscriber, #46)
[Link] (2 responses)
If Bash's development practices are somehow unacceptable to you, there are three ways to proceed. Convince its author to do what you want, fork it and do a better job, or switch to something "better". Either way it's going to cost you time, effort, and a non-trivial amount of hard currency.
(And yes, some distributions have switched away from bash for system scripts, primarily for reasons that have since been rendered irrelevant by systemd...)
Posted Jan 20, 2019 20:48 UTC (Sun)
by smurf (subscriber, #17840)
[Link] (1 responses)
The difference is that most of these acknowledge that their code is used in security critical areas anyway, and have started to adapt their practices accordingly. Apparently, Chet has not. As I wrote, his choice, just as mine is to hack on any script I come across until it no longer says #!/bin/bash on top.
Posted Jan 21, 2019 6:40 UTC (Mon)
by dualbus (guest, #129437)
[Link]
What does git have to do with security? I read the weekly change sets when they're pushed, and I have no trouble understanding what's being changed or why. Sure, it might not be the commit /style/ you prefer, but has little to do with the quality of the software, or its security characteristics.
Also, perhaps ask Chet to provide more detailed / specific commits instead of just assuming he doesn't want to?
Bash 5.0 released
Bash 5.0 released
Bash 5.0 released