It’s hard to imagine something as fundamental to computing as the sudo command becoming abandonware, yet here we are: its solitary maintainer is asking for help to keep the project alive.
Isn’t the whole point of FOSS software that anyone can fork it?
The article points out that sudo has already been forked by Ubuntu maintainer canonical into sudo-rs which reimplements sudo in rust with better memory protections. It also states that the maintainer of sudo expects sudo-rs to be the future of sudo.
sudo-rs is a complete re-implementation, not a fork. Also, sudo-rs was not created by Canonical. It was created by Tweede Golf and Ferrous System with funding from Prossimo. Since 2024 it is being maintained by the Trifecta Tech Foundation. Ubuntu merely packages it.
sudo-rs is not a fork.
That’s good, at least everything won’t collapse catastrophically at this like a single point of failure without any redundancies. It would be better if someone other than canonical would do it, but at least it’s not like no one is…
You can fork it. Are you gonna maintain your fork? Is your fork going to be adopted by the majority of distributions?
Mine won’t certainly, but by the magic of FOSS I’m sure someone will do it.
Oh look, someone already has…
What do you mean someone already has? As of this comment it has 268 forks on GitHub.
Creating a fork takes one click, and doesn’t mean anyone will adopt it. Maintaining a codebase is not as simple as “magic of FOSS”, someone has to dedicate their time to it.
Or get this: Linux is perfect as it is, so are current PC’s.
Ship it pre-installed on shovelware PC’s, you don’t need better.
Excuse me, but how isn’t this a core feature, or do I think too complicated?
Because there are lots of alternatives.
Having to install sudo on Arch manually is one thing that made me use endeavourOS (besides having yay and DE preinstalled)
Following publication, Miller has been in touch to tell us that he has no plans to abandon sudo, or even hand it off, but he suspects change is still on the horizon for the essential tool.
“While I don’t expect to maintain sudo for an additional 30 years, I also don’t currently have someone to pass the torch to,” Miller told us. He noted that the xz utils backdoor has made him hesitant to hand it off to someone he doesn’t know, and that he “feels responsible for sudo” after having spent so long as its lead dev and maintainer.
Unfortunately, a lack of financial backing means sudo work has ground to a glacial pace.
“Since I have limited time I’ve mostly been focused on fixing bugs and cleaning up the code base rather than adding new features,” Miller said. “As a result the amount of time I spend is heavily influenced by the bug reports I receive.”
Funding or not, Miller expects sudo-rs to become the next generation of the tool in coming years.
“Ubuntu is already shipping sudo-rs as the default sudo command in their latest versions,” Miller told us. “I’ve been in contact with the people working on sudo-rs since the project started and I trust them to do right by the sudo user base.”
Regardless of what happens, Miller agrees the sudo situation he’s in is yet another example of how open-source maintainers is putting the entire computing community in a bind.
“Without some form of assistance it is untenable,” Miller said. “Maintainer burn-out is real.”
One does not simply maintain sudo (lotrmeme.jpg)
Don’t tap Jia Tan…
Funding or not, Miller expects sudo-rs to become the next generation of the tool in coming years.
“Ubuntu is already shipping sudo-rs as the default sudo command in their latest versions,” Miller told us. “I’ve been in contact with the people working on sudo-rs since the project started and I trust them to do right by the sudo user base.”
Projects don’t last forever, and when they inevitably end, it’s an opportunity to switch to something newer and hopefully better. Sudo coming to an end, if it does, will just force people onto alternatives.
Being open source, sudo will always exist, whether someone else wants to maintain it, fork it, use it as-is, or just reference it. It’s because it’s open source that it can serve a purpose even beyond its EOL.
Anyway, sudo’s not dead yet, so there’s still plenty of time for people to look at what’s out there. Some distros have already moved to, or are considering moving to, alternatives like
sudo-rs, so I’d expect that to continue.sudo-rs might never be adopted as a default in many distros precisely because it’s in rust. or rust adoption gets better and better to the point that it runs everywhere.
Rust shouldn’t be an issue IMO. Any rust libraries used are statically linked, only the good ol’ C and C++ (if any) libraries it depends on would have to be dependencies to the package. So it should theoretically offer fewer issues with dependencies than the original sudo.
What I was saying was: Rust doesn’t support all the targets C does
Technically yes, but all the common ones are covered. I don’t think any mainstream distros support anything so exotic that Rust doesn’t compile for it. Gentoo supports Alpha and HPPA which haven’t been around since the 90s, those are the only architectures that Gentoo has sudo packages for, that Rust doesn’t support. Your run of the mill distros don’t support anything this exotic. Common everyday architectures we see all the time in our daily lives like SPARC, PowerPC or RISC-V are supported.
It doesn’t have to be. There are multiple sudo alternatives.
Yeah, but the quote is about sudo-rs
Actually it’s because of the licence
I would love sudo-rs to be GPL but that’s orthogonal to the fact of it being bundled in distros. It’s still FOSS
Not good enough, it is a critical piece of software & it HAS to be copyleft
Absolutely. Rust is great. The license change is terrible.
Join us. Use doas.
Still a setuid bin. 🥺
I might be wrong but I think run0 (for systemd users) solves that
No. I just use the default on my system. Hopefully sudo-rs will become the default.
That Ubuntu unity article where the maintainer was a 10 year old when he started the project but now has shit to do is pretty funny.
Please link article thanks
This has been depressing for a while now. I’m a big Unity fan and I’m concerned about the future.
“Maybe someone could teach us how things are done so that we can take it over in time,” Adamietz added.
Wasn’t any of this documented anywhere? And who are these other team members they interviewed? How is it they don’t know how to write code? Are they just manual testers or something?
I’d try to help myself if there was some decent documentation on where to begin. But if it’s all in this kids head, we might be kinda fucked.
To me I tried to add people to my unity project and they were unable to actually boot it up and that angered me enough to go godot
Just waiting for another xz utils situation
According to the above Robert Manner and AZero13 also have one contribution each. There’s also the https://opencollective.com/sudo-project which has a board.
If Todd wants to pass off the project he has all the resources to do this.
With the push to immutable distros and flatpak I wonder how long we will need sudo.
It’s been 12 years since Heartbleed and we’ve had numerous ”lone maintainer” issues since then. The situation shouldn’t come as a surprise or be especially ”hard to believe”.
This is the state of free software, especially when it matures.
Unless the creators manage to roll some kind of ”commercial” version, it’s not very sustainable in the long run. Turns out many eyes don’t really equal many PRs
In my experience a lot of these old projects really go out of their way to dissuade contributions anyway. Lots of naysaying “it’s always been like that”, ancient infrastructure - e.g. insisting on
git send-emailpatches, etc.Usually the only way it gets resolved is when someone writes a more modern competitor and it starts gaining traction. Suddenly all those improvements that people tried to do and were told were impossible and stupid aren’t such a bad idea after all.
I don’t think that’s the case with Unity but it probably is with things like GCC, sudo, sysvinit, X11, etc.
I think that’s at least a big part of it. There’s so much unnecessary friction in legacy projects that, while understandable to a degree, sucks.
This is the state of free software, especially when it matures.
The state of free software also includes the fact that even if the
sudomaintainer doesn’t find support, no one steps up andsudobecomes unmaintained,sudo-rs,doas,opendoasandpleasealready exist as alternatives.hang on, there’s one called please? Are there any downsides with using please instead of sudo?
From what I can see, it’s a sudo clone with added optional regex functionality, written in Rust.
So you can use it just like sudo, or you can limit superuser rights to directory names that contain a 💩 emoji, but only on Mondays.Interesting. I just found out that you can just use alias to use please instead of sudo which is cool!
It promotes familiarity with the machine which is best to avoid. Except of course if the machine uprising happens, then it would be in you favour to have been using it for years.
and let’s not forget - systemd, which has RedHat money backing it up.
Hope you don’t see who pays for kernel development…
Why? I’m not against developers getting paid to do FOSS work. It’s far more reasonable than the whole “bazaar of free people”-model that lives entirely on ideology.
It reminds me somehow to the famous xkcd webcomic: https://xkcd.com/2347
Of those who regularly donate (or think of donating) to FOSS projects, how many of them would’ve even had
sudocross their mind as a potential recipient for those donations?<username> is not in the donors file. This incident will be reported.
Also relevant:
This isn’t relevant to anything in this thread. At all.
gtfo with that alt-reich slop
Nope none of this crap
The third frame here needs to be the same businessman in increasingly more fancy suits or gold or other gaudy-ass shit.
Yeah, the transition from the third frame to the fourth frame just doesn’t make sense as currently depicted; why would people playing video games suddenly start to revolt?
However, if the third frame were to depict rich men getting richer as you suggest, then the revolt in the fourth frame would make more sense.
You’re putting way too much thought into analyzing AI slop
damnit it got mee tooooooooooooo
i not looking at anything but darkwing duck from now on
I can get with that. More darkwing duck, less beans
Pretty sure the usage of an ai generated meme makes you one of the weak
Really? You want to post slop on Lemmy? That’s what went through your brain? That’s what you considered a good enough idea that you’d execute it?
Not just AI slop but a right wing dog whistle as AI slop.
And also… Completely irrelevant to the discussion. What’s the connection?
It’s not a dog whistle when its meaning is plainly and purposefully obvious.
Not gonna lie, kinda blame systemd for this. The more utilities they swallow the more funding gets concentrated to the RedHat folks, and the less freedom you have to choose different software. They’ve certainly made some improvements in specific utilities, but there is an invisible cost of centralization
It doesn’t seem any money that the sudo developer had received was redirected to systemd, even though systemd has its own sudo called run0, with interesting features such as limiting the amount of memory or CPU a command it runs can use. His employer supported sudo as his side project while he was employed to work on something else. The funding from big tech is instead going to the Rust rewrite, sudo-rs and other projects of its community.
I didn’t mean they were directly responsible for him losing the sponsorship, just that it has made it harder to find new ones.
If my memory serves this isn’t the first time systemd has moved into a space and the existing infrastructure has withered away. Vaguely thinking udev or logind, but its not so much a critique as a worry. I’ve played with OpenRc, RunIt, and Upstart over the years, and I want them to remain viable alternatives
