Re: sudo security Was: Reporting missing package during install

To: debian-user@lists.debian.org
Subject: Re: sudo security Was: Reporting missing package during install
From: Nate Bargmann <n0nb@n0nb.us>
Date: Tue, 10 Dec 2013 07:01:32 -0600
Message-id: <[🔎] 20131210130132.GD14020@n0nb.us>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 21158.63028.962015.30900@mail.eng.it>
References: <[🔎] 201312090001.50206.lisi.reisz@gmail.com> <[🔎] 21157.31399.63135.88312@mail.eng.it> <[🔎] 20131209094043.GQ3239@sid.nuvreauspam> <[🔎] 21157.37830.879558.114857@mail.eng.it> <[🔎] 20131209164451.GR3239@sid.nuvreauspam> <[🔎] 21157.64035.378332.381679@mail.eng.it> <[🔎] 1386610474.14806.166.camel@archlinux> <[🔎] 21158.50965.22307.269961@mail.eng.it> <[🔎] 1386670510.14806.406.camel@archlinux> <[🔎] 21158.63028.962015.30900@mail.eng.it>

* On 2013 10 Dec 05:10 -0600, Gian Uberto Lauri wrote:
> That's the point. Current sudo default configuration is "bad". That
> 4does not means that the whole sudo program is bad (except that for
> Italian speakers it smells(*) :)). Does not add security but adds
> potential harms.

Have you filed a wishlist bug report against the sudo package explaining
your concerns about the defaults and suggesting better defaults?  It's
not likely that the sudo package maintainer is reading this list so
venting here is not likely to get the defaults changed.  Be prepared for
the possibility that the maintainer will not agree with your position.

BTW, I am not a Debian Developer, just a Debian user.  I have filed some
bug reports over the years.  Some are acted on quickly, others seem to
be ignored, and some end up being resolved upstream.

If your complaint is simply that Debian even allows the option of a
single user account with sudo enabled rather than forcing separate root
and user accounts, then even I would resist the removal of the option.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us

Reply to:

Follow-Ups:
- Re: sudo security Was: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>

References:
- Re: Reporting missing package during install
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Reporting missing package during install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Reporting missing package during install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Reporting missing package during install
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- sudo security Was: Reporting missing package during install
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: sudo security Was: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>

Prev by Date: Re: libdrm-nouveau2/libdrm-radeon1 installed as requirement to libgl1-mesa-dri
Next by Date: Installing TrueType Fonts (TTF)
Previous by thread: Re: sudo security Was: Reporting missing package during install
Next by thread: Re: sudo security Was: Reporting missing package during install
Index(es):
- Date
- Thread