[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shellshock-vulnerable version still most obvious on ftp.gnu.org
|
From: |
Ian Jackson |
|
Subject: |
Re: Shellshock-vulnerable version still most obvious on ftp.gnu.org |
|
Date: |
Thu, 6 Nov 2014 12:47:52 +0000 |
Chet Ramey writes ("Re: Shellshock-vulnerable version still most obvious on
ftp.gnu.org"):
> I will put tarballs with patches in the usual places within a few days.
Thanks, that would be very helpful.
For the future, it might be worth considering whether it's really
sensible, nowadays, to be distributing bash as `.0 tarball with
patches'. That made sense when bandwidth was much scarcer, disks (and
backup systems) much smaller in relation to source code releases, and
when most people would get bash directly from ftp.gnu.org.
But in the current environment it's looking rather quaint. We could
probably provide a full tarball for each patch release.
Ian.