+
+7. Distinguish between options and arguments:
+ command --option1 --option2 argument1 argument2
+ Options are optional, do add "mandatory" options.
+ Arguments are mandatory, do not add optional arguments.
+
+8. Quote all the variables. This is important for everything which comes from
+ outside. But it is better to have this as a habit, jsut quote everything
+ starting with "$". Well, there exceptions sometimes, e.g., see how $verbose
+ is used. But these are rare. You can google for shell script attack vectors,
+ and notice that many of them are about giving tricky inputs with "$" signs,
+ spaces, and so on. Most of them are based on the fact that people do not
+ use quotes.
+
+9. Do not use "echo", use "printf". Well, "echo" is OK to use with "controlled"
+ data, but it is easier to just always use "printf" to maintain good
+ discipline. E.g., read this for some insight about why "printf" is safer:
+ http://unix.stackexchange.com/questions/65803/why-is-printf-better-than-echo
+
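Review bot: In item 7, the line 'Options are optional, do add "mandatory" options.' appears to be missing a "not". As written it tells authors to add mandatory options, which contradicts the first half of the sentence and the parallel rule for arguments on the next line. I suggest 'do not add "mandatory" options'. In item 8, "jsut" should be "just" and "there exceptions sometimes" should be "there are exceptions sometimes". Item 8 also points at "$verbose" as the exception to quoting without saying why it is safe to leave unquoted. One sentence stating the condition would keep readers from generalizing the exception to variables that carry outside input, for example that the variable is set only by the script itself and is meant to expand to nothing when empty, if that is the case here. In item 9, consider summarizing the reason in one line next to the link so the rule still stands if the URL goes away.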