[arch-general] A good time to switch to dash as /bin/sh?

Savya mailinglists at hawkradius.com
Fri Sep 26 17:05:53 UTC 2014


On Fri, Sep 26, 2014, at 10:29 PM, Doug Newgard wrote:
> Now my question for everyone else is, what will people do *WHEN* a bug 
> is found in dash? Bash is the most tested shell code base we have, and I 
> don't buy into the fallacy that a smaller code base is inherently more 
> secure. Or are you simply relying on security through obscurity?

Dash has Debian in its very name. It's the Debian Almquist Shell. Ubuntu
also uses it. It might not be as tested as bash, but that doesn't mean
it's very rare. I don't think this falls under security through
obscurity. Ubuntu and Debian also shifted to it quite a long while back
(it has been more than 5 years now). Dash comes from Ash (Almquist
Shell), which is from the 90s. The codebase is hardly new.

And as for what people will do, why, they will report it like always.
Has Arch ever encouraged anything else?

-- 
Cheers!
Savya

