On Sun, 10 Mar 2013 15:26:29 +0000
Ciaran McCreesh <ciaran.mccreesh@googlemail.com> wrote:

> On Sun, 10 Mar 2013 14:48:06 +0100
> Michał Górny <mgorny@gentoo.org> wrote:
> > Well, unless we're talking about a theoretical package mangler which
> > intentionally uses internal, old version of bash to prove the point.
> 
> That's a good idea, maybe we'll do that. Sounds like a good way of
> doing better input validation. Perhaps we could patch our internal bash
> to make it easier to catch certain other errors too.

Please don't forget to bundle a few rootkits inside, so your users
won't have to wait for security issues to be found in the ye ol' bash
version you'll use.

-- 
Best regards,
Michał Górny