unofficial mirror of guix-patches@gnu.org 
From: Jan Nieuwenhuizen <janneke@gnu.org>
To: Tobias Geerinckx-Rice <me@tobias.gr>
Cc: 43851@debbugs.gnu.org
Subject: [bug#43851] [PATCH] gnu: sudo: Depend on python-minimal instead of python.
Date: Fri, 09 Oct 2020 19:18:44 +0200
Message-ID: <87imbjs4gb.fsf@gnu.org>
In-Reply-To: <87v9fld9al.fsf@nckx> (Tobias Geerinckx-Rice's message of "Wed, 07 Oct 2020 23:18:43 +0200")

Tobias Geerinckx-Rice writes:

Hello Tobias,

> Jan Nieuwenhuizen writes:
>> Depending on python pulls in X11:
>
> It only depends on Python because I wasn't [consciously] aware of the
> existence of python-minimal.  Your patch LGTM.
>
>> However...do we really want to extend sudo with eh, a large
>> programming language
>
> I enabled Python support in sudo because it exists for the same reason
> that Guile does.

Yes, hackability/extensibility makes sense and is good in general...

> If we want a less hackable sudo - certainly a defensible position -
> that's fine by me.  If we do, then yes, I think Python is reasonable
> considering the alternative (C).

...but in this case, yes, a less hackable sudo is what I'm certainly
leaning towards.

Danny Milosavljevic writes:

> I am very much in favor of not having unnecessary dependencies in things
> which are suid root.  Also, there already IS PAM support in sudo, and
> PAM has modules--so why have yet another weird new mechanism?  For auditing,
> there is auditd (even in Guix already).

> Furthermore, it makes updating sudo more brittle.

> Also, we removed when cross-compiling already, pointing to other problems.

> Please remove the python dependency entirely.

@Tobias: would you please revert/remove the Python addition to sudo (or
else discuss some more with others?).

>> that has a more impressive CVE list than a lovely tiny language
>> such as, say Guile? ;)
>
> Python has a more impressive almost-anything than Guile so that means
> nothing.

Yeah, Python is amazing.

Greetings,
Janneke

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com



