I don't see any real benefit to move to dash since we get rid of sysV init, no security improvements, but a lot of breakages to fix (Debian spent a lot of time to fix bashisms in their packages ...) That doesn't mean that we shouldn't consider it -this is a sane to periodically re-assess our defaults-, but I need to hear what security team thinks about it.
dash has a smaller codebase but is much less used than bash (and people will end up installing bash or another full-featured shell so it voids the security benefits) so I suspect we're not improving security. ----- I'm more worried that many core components of the distro like bash lack manpower, and I would prefer that we spent more efforts in identifying them and see what we could do to improve the situation. @Base WG: would you consider auditing the components of the base OS ? Are they properly maintained or organize a security audit of the most critical components ? H. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
