On Thu, Oct 2, 2014 at 11:33 AM, Russ Allbery <r...@debian.org> wrote: > shawn wilson <ag4ve...@gmail.com> writes: > >> I hate the idea of dash. It's not more secure (see vmware cve for an >> example) and I think it was more of an accident than anything else this >> didn't hit dash too. > > The fact that this specific problem didn't hit dash certainly isn't an > accident. The exploited functionality simply doesn't exist in dash. >
I'm pretty sure dash never got a rewrite? So this just happened to be a "feature" that got ripped out of dash. I'm not sure why it got ripped out, but I'm pretty certain it wasn't because the devs saw a security issue here (I should go looking to see if there's a public repo and see if I can find where the "feature" was removed and why). Now, if you're right and this was removed in dash because of a security concern, that'd be more interesting than my theory that they just got lucky. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cah_obifoqpt1bjmdtphbfyapgksvpiltdhqcljhk1u3hm-f...@mail.gmail.com
