
Closed
Open
Created Jul 23, 2021 by Ariadne Conill (@ariadne, Developer)

Move sudo to community

Summary

At present, sudo is in the main repository, which requires us to provide security support for 2 years. Upstream sudo does not provide an "LTS" lifecycle, so this requires either performing security upgrades during the maintenance lifecycle, or backporting security fixes by hand.

Benefit to Alpine

Prior to the creation of the security team, there was an unofficial preference to push doas as the preferred pivot tool for Alpine. This reinforces that messaging.

Additionally, we do not have to support sudo for a 2-year lifecycle, since there are no LTS branches for it.

Contingency Plan

If there is a problem with implementing this plan, we will move sudo back to main from community, but no such problem is expected.

Documentation

This will need to be documented in the release notes. We should recommend doas as the preferred pivot tool, noting that sudo is available in community if explicitly wanted.

Owners

@kdaudt and @kaniini will implement this change on behalf of @team/security.

Timeline

We would like to implement this change within the next few weeks, with TSC approval.

Edited Nov 19, 2021 by Kevin Daudt