[bug#43851] [PATCH] gnu: sudo: Depend on python-minimal instead of python.

[Jan Nieuwenhuizen]

Tobias Geerinckx-Rice writes:

Hello Tobias,

> Jan Nieuwenhuizen 写道：
>> Depending on python pulls in X11:
>
> It only depends on Python because I wasn't [consciously] aware of the
> existence of python-minimal.  Your patch LGTM.
>
>> However...do we really want to extend sudo with eh, a large
>> programming
>> language
>
> I enabled Python support in sudo because it exists for the same reason
> that Guile does.

Yes, hackability/extensibility makes sense and is good in general...

> If we want a less hackable sudo - certainly a defensible position -
> that's fine by me.  If we do, then yes, I think Python is reasonable
> considering the alternative (C).

...but in this case, yes, a less hackable sudo is what I'm certainly
leaning towards.

Danny Milosavljevic writes:

> I am very much in favor of not having unnecessary dependencies in things
> which are suid root.  Also, there already IS PAM support in sudo, and
> PAM has modules--so why have yet another weird new mechanism?  For auditing,
> there is auditd (even in Guix already).

> Furthermore, it makes updating sudo more brittle.

> Also, we removed when cross-compiling already, pointing to other problems.

> Please remove the python dependency entirely.

@Tobias: would you please revert/remove the Python addition to sudo (or
else discuss some more with others?).

>> that has a more impressive CVE list than a lovely tiny language
>> such as, say Guile? ;)
>
> Python has a more impressive almost-anything than Guile so that means
> nothing.

Yeah, Python is amazing.

Greetings,
Janneke

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com