GNU bug report logs - #43851
[PATCH] gnu: sudo: Depend on python-minimal instead of python.

Previous Next

Full log

Message #11 received at 43851 <at> debbugs.gnu.org (full text, mbox):

From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: 43851 <at> debbugs.gnu.org
Subject: Re: [bug#43851] [PATCH] gnu: sudo: Depend on python-minimal instead
 of python.
Date: Thu, 8 Oct 2020 09:03:07 +0200

[Message part 1 (text/plain, inline)]

Hi Janneke,

On Wed, 07 Oct 2020 19:04:27 +0200
Jan Nieuwenhuizen <janneke <at> gnu.org> wrote:

> Depending on python pulls in X11:
> 
> --8<---------------cut here---------------start------------->8---
> $ guix graph --path sudo libx11
> sudo <at> 1.9.3p1
> python <at> 3.8.2
> tk <at> 8.6.10
> libx11 <at> 1.6.9
> --8<---------------cut here---------------end--------------->8---
> 
> which is unfortunate, especially for the Hurd.
> 
> However...do we really want to extend sudo with eh, a large programming
> language that has a more impressive CVE list than a lovely tiny language
> such as, say Guile? ;)

I am very much in favor of not having unnecessary dependencies in things
which are suid root.  Also, there already IS PAM support in sudo, and
PAM has modules--so why have yet another weird new mechanism?  For auditing,
there is auditd (even in Guix already).

Furthermore, it makes updating sudo more brittle.

Also, we removed when cross-compiling already, pointing to other problems.

Please remove the python dependency entirely.

[Message part 2 (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.