You've created such a total straw-man argument, it's farcical.
I'd be glad to trust Mikrotik, provided they acted in a trust-worthy manner. As I've said - I'd like something better than the terse explanation that
As RouterOS does NOT use bash, no patching is required from our side.
So, does that mean:
The portions of RouterOS you work with don't have BASH, so everything is good. We know, for example, that you don't need access to bash directly to exploit the vulnerability. So, some clarification here would be really quite nice.
Does this mean that the given statement applies to every version of ROS, or just version 6?
The statement given could easily have many different meanings. [see how creatively the NSA "denies" all sorts of things for a lesson in misdirection] Asking for clarification isn't "not trusting" - but simply asking for more data so I can evaluate it.
Further, the "mistrust" you give comes from your post, not mine. [Yet, I'm the one who is unwilling to trust MT?]
I'll simply restate what I've asked for from the beginning, and what I DO get from UBNT [Without a lot of teeth pulling either.]; A comprehensive answer from someone who is authorized to represent the company.
Does BASH exist in any form in any version of ROS? If yes, then please detail what versions and how it's involved so users can determine their exposure. [As this thread has gone on now, without any additional details from MT, for nearly two weeks now, I'm not holding my breath.]