Move sudo to community
sudo is in the main repository, which requires us to provide security support for 2 years. Upstream sudo does not provide an "LTS" lifecycle, so this requires either performing security upgrades during the maintenance lifecycle, or backporting security fixes by hand.
Benefit to Alpine
Prior to the creation of the security team, there was an unofficial preference to push doas as the preferred pivot tool for Alpine. This reinforces that messaging.
Additionally, we do not have to support sudo for a 2 year lifecycle, since there are no LTS branches for it.
If there is a problem with implementing this plan, we will move sudo back to community, but no such problem is expected.
This will need to be documented in the release notes. We should recommend doas as the preferred pivot tool, noting that sudo is available in community if explicitly wanted.
@kdaudt and @kaniini will implement this change on behalf of @team/security.
We would like to implement this change within the next few weeks, with TSC approval.