lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070706104323.GB30887@DervishD>
Date:	Fri, 6 Jul 2007 12:43:23 +0200
From:	DervishD <lkml@...vishd.net>
To:	Mike Frysinger <vapier@...too.org>
Cc:	DervishD <lkml@...vishd.net>, Nix <nix@...eri.org.uk>,
	Bodo Eggert <7eggert@....de>, Karel Zak <kzak@...hat.com>,
	List util-linux-ng <util-linux-ng@...r.kernel.org>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [ANNOUNCE] util-linux-ng 2.13-rc1

    Hi Mike :)

 * Mike Frysinger <vapier@...too.org> dixit:
> On Friday 06 July 2007, DervishD wrote:
> >     I really like the spirit of CMake. Of course, it adds a dependency,
> > but IMHO is much safer to depend on CMake being installed (or Perl, for
> > that matter) than to depend on a shell. Every shell out there seems to
> > do things on its own, and apart from dash, which is more or less
> > standard, the rest of shells do actually violate the standard one way or
> > another (in fact, configure script include workarounds for at least Bash
> > and Zsh).
> 
> careful, you tread into dangerous territory making silly statements like that.  
> by "standard" you probably mean "POSIX standard" which dash too has had 
> plenty of bugs in terms of implementing it properly (and still does).

    Probably, I haven't carried thoroughly tests, but up to date, it's
the most POSIX compliant shell I've found. Probably dash is crappy too,
regarding POSIX compliance, but that only reinforces my point: depending
on shells is less safe than depending on CMake.

> and claiming that it's safer to depend on CMake 
> than bash in this Linux world is just plain bogus.

    Probably. I didn't claim that, anyway. I said "shell" and not
"Bash". Depending on a C program is safer, IMHO, than depending on the
features of an unknown shell. And FWIW, /bin/sh can be *any* shell on
*any* system where autotools run.

    And yes, I have bash installed on my system because some people
insist in writing bash scripts while asking for "#!/bin/sh". That's
bogus.

    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736 | http://www.dervishd.net
It's my PC and I'll cry if I want to... RAmen!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ