[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shellshock-vulnerable version still most obvious on ftp.gnu.org
From: |
Chet Ramey |
Subject: |
Re: Shellshock-vulnerable version still most obvious on ftp.gnu.org |
Date: |
Thu, 06 Nov 2014 09:06:40 -0500 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
On 11/6/14, 7:47 AM, Ian Jackson wrote:
> Chet Ramey writes ("Re: Shellshock-vulnerable version still most obvious on
> ftp.gnu.org"):
>> I will put tarballs with patches in the usual places within a few days.
>
> Thanks, that would be very helpful.
>
> For the future, it might be worth considering whether it's really
> sensible, nowadays, to be distributing bash as `.0 tarball with
> patches'. That made sense when bandwidth was much scarcer, disks (and
> backup systems) much smaller in relation to source code releases, and
> when most people would get bash directly from ftp.gnu.org.
>
> But in the current environment it's looking rather quaint. We could
> probably provide a full tarball for each patch release.
That is supposed to be one of the advantages of using git. You can always
get a tarball of the latest release with all patches applied using
http://git.savannah.gnu.org/cgit/bash.git/snapshot/bash-master.tar.gz
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/