3.15: Move sudo to community
Summary
At present, sudo is in the main repository, which requires us to provide security support for 2 years. Upstream sudo does not provide an "LTS" lifecycle, so this requires either performing security upgrades during the maintenance lifecycle, or backporting security fixes by hand.
Benefit to Alpine
Prior to the creation of the security team, there was an unofficial preference to push doas as the preferred pivot tool for Alpine. This reinforces that messaging.
Additionally, we do not have to support sudo for a 2 year lifecycle, since there are no LTS branches for it.
Contingency Plan
If there is a problem with implementing this plan, we will move sudo back to main from community, but no such problem is expected.
Documentation
This will need to be documented in the release notes. We should recommend doas as the preferred pivot tool, noting that sudo is available in community if explicitly wanted.
Owners
@kdaudt and @kaniini will implement this change on behalf of @team/security.
Timeline
We would like to implement this change within the next few weeks, with TSC approval.