> In my opinion the problem with the OP's post is more that he apparently > thinks that BASH in and of itself will compromise z/OS security.
No, that's not at all what I'm thinking! "Shell shock" has just been the trigger to open the long due requirement. If we offer some piece of software to our customers, we're responsible for it. People will use the software in production jobs, sooner or later. When a job that used to work fails due to some bug in the software, those responsible for the software are in charge of fixing the problem. If the software is a supportes piece of software, you can (hopefully) rely on someone to fix the problem. If the software is not supported, you may be out of luck. I'd rather have supported software being used for production jobs. That's it. > In my opinion the problem with the OP's post is more that he apparentlythinks > that BASH in and of itself will compromise z/OS security. [snip] ... I don't > know why the OP has this association in his mind. It puzzles me what made you think so. Having BASH as part of a supported package doesn't make it neither safer nor weaker. It just makes it a piece of supported software. -- Peter Hunkeler ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN