From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id KP+jOTe6fl/XWgAA0tVLHw (envelope-from ) for ; Thu, 08 Oct 2020 07:05:27 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id OKx8NTe6fl+2YAAA1q6Kng (envelope-from ) for ; Thu, 08 Oct 2020 07:05:27 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 57FE39402DD for ; Thu, 8 Oct 2020 07:05:27 +0000 (UTC) Received: from localhost ([::1]:33566 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kQPzR-00041p-Vw for larch@yhetil.org; Thu, 08 Oct 2020 03:05:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54162) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kQPy6-0002cK-Kj for guix-patches@gnu.org; Thu, 08 Oct 2020 03:04:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:46996) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kQPy6-00038F-BC for guix-patches@gnu.org; Thu, 08 Oct 2020 03:04:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kQPy6-00028i-7q for guix-patches@gnu.org; Thu, 08 Oct 2020 03:04:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#43851] [PATCH] gnu: sudo: Depend on python-minimal instead of python. Resent-From: Danny Milosavljevic Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 08 Oct 2020 07:04:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43851 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Jan Nieuwenhuizen Cc: 43851@debbugs.gnu.org Received: via spool by 43851-submit@debbugs.gnu.org id=B43851.16021405948157 (code B ref 43851); Thu, 08 Oct 2020 07:04:02 +0000 Received: (at 43851) by debbugs.gnu.org; 8 Oct 2020 07:03:14 +0000 Received: from localhost ([127.0.0.1]:58537 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kQPxJ-00027V-WA for submit@debbugs.gnu.org; Thu, 08 Oct 2020 03:03:14 -0400 Received: from dd26836.kasserver.com ([85.13.145.193]:56848) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kQPxI-00027M-4i for 43851@debbugs.gnu.org; Thu, 08 Oct 2020 03:03:13 -0400 Received: from localhost (80-110-126-103.cgn.dynamic.surfer.at [80.110.126.103]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 69A2633620C8; Thu, 8 Oct 2020 09:03:10 +0200 (CEST) Date: Thu, 8 Oct 2020 09:03:07 +0200 From: Danny Milosavljevic Message-ID: <20201008090242.56cb7083@scratchpost.org> In-Reply-To: <87362qc6hw.fsf@gnu.org> References: <87362qc6hw.fsf@gnu.org> X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/U4/H3AtNNw2FNPl0K64=kog"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.7 (-) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: -1.11 X-TUID: CfJTDB71NZu4 --Sig_/U4/H3AtNNw2FNPl0K64=kog Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi Janneke, On Wed, 07 Oct 2020 19:04:27 +0200 Jan Nieuwenhuizen wrote: > Depending on python pulls in X11: >=20 > --8<---------------cut here---------------start------------->8--- > $ guix graph --path sudo libx11 > sudo@1.9.3p1 > python@3.8.2 > tk@8.6.10 > libx11@1.6.9 > --8<---------------cut here---------------end--------------->8--- >=20 > which is unfortunate, especially for the Hurd. >=20 > However...do we really want to extend sudo with eh, a large programming > language that has a more impressive CVE list than a lovely tiny language > such as, say Guile? ;) I am very much in favor of not having unnecessary dependencies in things which are suid root. Also, there already IS PAM support in sudo, and PAM has modules--so why have yet another weird new mechanism? For auditing, there is auditd (even in Guix already). Furthermore, it makes updating sudo more brittle. Also, we removed when cross-compiling already, pointing to other problems. Please remove the python dependency entirely. --Sig_/U4/H3AtNNw2FNPl0K64=kog Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9+uasACgkQ5xo1VCww uqWAxggAmv6G7aFC8vszTgWrrD7TYWBwNqjIcWlVI6Znu58C6EIgihs2ycrhrfkV vqdN6Ye8UvFEPsgsQUnBUq1rt605QloLaBbpkPrf5jMqXvx0jrzbrSmWDUQ9tUNl 1FajdrqaC7kadQTjeQEKyNU0kogw8kyV2E8IB0afXsx2W8McL/CYleSR9I8wQeFH 3IT9xEzlF0fp7zly7VnXH/iOCe/YxufAzi7ULTcZJ/HUANcYA3aEeSF9/AmVJIiG oBUEk8MQVPrNKQ00i3H+fmD9VbF0XUNTz5puIUzdD0g8CzSWx0QxFaE9aJBmSZrb IymHebU8ftIN4ia1PSFY9KNUcfmmlw== =sLgV -----END PGP SIGNATURE----- --Sig_/U4/H3AtNNw2FNPl0K64=kog--