[jiggy2011]

Think of it this way.

Say that a car manufacturer builds a car for city driving and doesn't warrant or recommend it's use for off roading. However it just so happens that the car is tough enough that it makes a good offroader anyway and soon people start to buy the car for the express purpose of offroading even though the manufacturer does not recommend this use.

Some time later it becomes apparent that there is a weakness in the braking system that manifests itself after extensive offroad use but not with regular road use, and this becomes the cause of many accidents. The manufacturer then does a recall and refits the cars with an improved braking system more suitable for offroading even though they never intended (and still do not) for people to use it offroad they are just forced to accept this use case.

[woutervdb]

Great explenation. To add to your story: imagine being the car manufacturer, doing this all for free (as in beer) and still having people more or less wishing you dead for building a city car not suitable for offroad use. It simply doesn't add up and makes you feel pretty miserable, I guess.

[jameshart]

Except that, in a world where Unix systems are almost exclusively used to handle network traffic, that off-road usecase should probably be considered the default. They've been selling city cars in a country that doesn't actually have any paved roads.

[jiggy2011]

That doesn't mean that bash is suitable for handling network traffic!

[zak_mc_kracken]

Except the FSF never said anything like "Please don't use bash for CGI, it's not secure enough". If they had, then they would have to recognize that bash is not secure enough for other uses as well.

[jiggy2011]

Wouldn't that violate freedom 0?

[jeremyjh]

How does it violate your freedom to warn you of a serious danger? The fact is they didn't know bash would execute code found in arbitrary application-defined variables. And that is why GNU calls it a bug.

[jiggy2011]

Sure, it's a bug but it's not ultimately their fault that it had the impact that it did as a result of people using it for purposes they might not have had in mind.