Re: Mass "do not use bash" bug filing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Am Fr den 26. Sep 2014 um 11:28 schrieb Adam D. Barratt:
> I noticed that you appear to be filing several RC bugs against packages
> which use /bin/bash shebangs in their scripts.
Only against that 3 tools that most likely are also used from network
systems like web tools or so.
> These bugs are *not* RC. The packages themselves do not have security
> issues. The interpreter they choose to use {may,does}, but that is not a
> bug in grep, xz-utils or gzip.
I have no problem if the severity gets lowered. Therefor I added a
paragraph that explains my decision.
> You should also know by now that mass bug filing without prior
> discussion is discouraged, regardless of the severity.
I don't think that 3 bugs are "mass bug filling". I manually checked
where such a bug report is needed.
> Finally, the rationale presented for the bugs - "against the debian
> policy to use /bin/sh if possible" - is bogus. Debian Policy makes no
> such requirement or even suggestion. It spells out what functionality
> scripts using /bin/sh may rely on, it in no way implies that other
> shells may not be used if appropriate shebangs and dependencies are in
> place.
Exactly that I wanted to say, that it is a recommendation to use
/bin/sh.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJUJUGWAAoJEKZ8CrGAGfasxS0L/3oW1O8hE0c8XbBA8mSygIar
zf15OSDbpwM5hVqniP0dFRBD+CelDZeuR1MwulopGgeRjeVRQoTTnw4X98sd6wBX
ptczcC5OnHy5n6EPoRcOS+F1xfckSBD93ogbqma3qTwhISwJ8VbYZ6VBAzxEBmoU
4hxG8+NbhZ7D27RFiQDT7uBzyZcpckvwLa2ukxMYugj9aRF65cP77Y4NeMyDgC+B
9UdZhBDjG8FRhch9nhIHfeb9Qs5Nw/mPBFI6sBORyNXd2JQfCpo2R44jU5e1v+z6
8vN7REqR+14P2+ieVd362DUHDe+YrZRJogl1Ff8FfhHOr/S/BOYFOxTSrgDf5PTd
zHG2Gr728qAMvkHAfBgbjNsYZxYGhNukojBH+W8jbFoFd3Ii7nFoq4JbMQU7dnwU
NFoZca+SBJicaW8nhd8Oc34mBBtuzPq7w+jQWYUCyicKpjNsNEEHuHbpHBVu7SWi
rqoVLIPG2PzbN8CWhXQG9n5DGQR7GPUjnOsELeqroA==
=FQz7
-----END PGP SIGNATURE-----
Reply to: