On Sat, May 03, 2025 at 07:36:32PM +0200, Ingo Schwarze wrote:
> We also need to be aware that requiring proper argument ordering
> is *not* chicanery on the part of POSIX, but is actually useful.
> It helps to reduce ambiguity in command line parsing and makes the
> meaning of commands more easily predictable.

No, it's worse than that, it's a bad security bug.

Scripts should be able to rely on proper option parsing when they
handle data coming from outside.

One basic tenet of secure shell programming is that you should
(almost) always be able to stop options parsing by using -- .

Now, it seems that getopt_long is not totally broken with respect to that,
since adding -- somewhere apparently stops option parsing.

But still, we're told to watch out for commands that do not use
standard option parsing (e.g., find)

I would strongly advocate to fix the bug now even if it causes fallout
in the ports tree.