On 12 Jan 2018, at 15:37, Daniel J. Luke wrote:
On Jan 12, 2018, at 3:27 PM, Dave Horsfall <[email protected]> wrote:
Whether Apple wants to admit that its machines can crash and thereby
cream the filesystem is another question...
presumably that's what macOS Recovery is for:
https://support.apple.com/en-us/HT201314
All very well and good for a machine running an OS version that got the
ShellShock update from Apple.
One of the use cases for MacPorts is to keep older Macs that are
physically capable of doing significant work (e.g. as servers) updated
in regards to the open source parts of MacOS. For example, I have a Core
Duo (i.e. 32-bit) Mac handling duties that face the outside world. It
can't run a MacOS newer than Snow Leopard. If it was running the last
versions Apple provided of everything open source that it runs, it would
be non-securable. Unfortunately, Apple hopped on the 'sh is bash'
bandwagon quite a while ago, so Apple's last sh on Snow Leopard was a
serious latent risk. I used the MacPorts infrastructure on that host to
create a bash variant that links statically to all of the MacPorts
libraries that it uses and (because it's unfixable) dynamically to
Apple's libSystem. I was mostly kidding about submitting that hack
upstream because I agree with Ryan that it does not belong in a package
management system like MacPorts: too Frankensteiny. OTOH, I did create
a model for a general "as static as possible while using MacPorts"
variant that should work on anything.
