by alex_anglin 3326 days ago
True, but FreeBSD can't guarantee perpetual security for releases. It also doesn't provide warranties, like the majority of software out there.

FWIW, I do hold FreeBSD in high regard. It's just that expecting perfection security-wise from complex systems is a fool's errand.


> It's just that expecting perfection security-wise from complex systems is a fool's errand.

I think that may have been the OP's point. Bash is more complex than sh has to be; hence, because FreeBSD chose the simpler option, they avoid the inherent security implications of complex systems.

(I use bash myself and don't use FreeBSD.)

Exactly, FreeBSD uses the simplest solution for the task, in the name of security. FreeBSD isn't "secure from Heartbleed because they don't use Bash" but rather, FreeBSD is "secure because by default only the most basic, necessary software is installed" which happened to be sh instead of bash.