On Sun, 10 Mar 2013 15:26:29 +0000 Ciaran McCreesh <ciaran.mccre...@googlemail.com> wrote:
> On Sun, 10 Mar 2013 14:48:06 +0100 > Michał Górny <mgo...@gentoo.org> wrote: > > Well, unless we're talking about a theoretical package mangler which > > intentionally uses internal, old version of bash to prove the point. > > That's a good idea, maybe we'll do that. Sounds like a good way of > doing better input validation. Perhaps we could patch our internal bash > to make it easier to catch certain other errors too. Please don't forget to bundle a few rootkits inside, so your users won't have to wait for security issues to be found in the ye ol' bash version you'll use. -- Best regards, Michał Górny
signature.asc
Description: PGP signature
