Dash as default shell

[Haïkel]

I don't see any real benefit to move to dash since we get rid of sysV
init, no security improvements, but a lot of breakages to fix (Debian
spent a lot of time to fix bashisms in their packages ...)
That doesn't mean that we shouldn't consider it -this is a sane to
periodically re-assess our defaults-, but I need to hear what security
team thinks about it.

dash has a smaller codebase but is much less used than bash (and
people will end up installing bash or another full-featured shell so
it voids the security benefits) so I suspect we're not improving
security.

-----

I'm more worried that many core components of the distro like bash
lack manpower, and I would prefer that we spent more efforts in
identifying them and see what we could do to improve the situation.

@Base WG: would you consider auditing the components of the base OS ?
Are they properly maintained or organize a security audit of the most
critical components ?


H.