Re: Please, don't let sudo be auto-removable
Hi José,
On Wed, Jul 30, 2025 at 06:48:45PM +0200, José Esteban wrote:
> I'I've written to sudo package maintainer, but he suggests me to
> report that here and so I do.
I am surprised that a package maintainer has told you to report anything
to debian-user. Are you sure about that? Here we are all just users of
Debian: we have no authority to make changes to anyone's packages. If
the sudo maintainer wanted to make a change to their package that is
their business and do not need anything from us.
Although, I think if they wanted to make sudo "essential" they would
need to co-ordinate that with other Debian Developers.
I also don't think they would be interested in that change as there is
generally a desire to reduce the essential set where possible.
It could perhaps be argued that if "sudo" is installed as part of the
debian-installer (when you do not provide a root password at install
time) then "sudo" should be marked as manually installed, thus not
eligible for automatic removal. Perhaps that is already the case, as you
imply that you do have a root password, in which case "sudo" would not
have been manually installed by the installer.
Anyway if you wanted to make that argument, first check if it is the
case and then contatc the debian-boot mailing list.
> Start-Date: 2025-07-30 08:30:22
> Commandline: apt-get autoremove
> Requested-By: chafar (1000)
> Remove: python3-blinker:amd64 (1.5-1), python-babel-localedata:amd64
> (2.10.3-1), python3-webcolors:amd64 (1.11.1-1), libxaw7:amd64 (2:1.0.14-1),
> python3-importlib-metadata:amd64 (4.12.0-1), libeatmydata1:amd64 (130-2+b1),
> python3-jsonpatch:amd64 (1.32-2), python3-more-itertools:amd64 (8.10.0-2),
> python3-attr:amd64 (22.2.0-1), gdisk:amd64 (1.0.9-2.1), python3-babel:amd64
> (2.10.3-1), python3-jsonschema:amd64 (4.10.3-1), python3-oauthlib:amd64
> (3.2.2-1), python3-json-pointer:amd64 (2.3-2), python3-jinja2:amd64
> (3.1.2-1+deb12u2), python3-serial:amd64 (3.5-1.1), python3-netifaces:amd64
> (0.11.0-2+b1), python3-uritemplate:amd64 (4.1.1-2), python3-markupsafe:amd64
> (2.1.2-1+b1), python3-jwt:amd64 (2.6.0-1), eatmydata:amd64 (130-2),
> python3-yaml:amd64 (6.0-3+b2), sudo:amd64 (1.9.13p3-1+deb12u1),
> python3-rfc3987:amd64 (1.3.8-2), python3-pyrsistent:amd64 (0.18.1-1+b3),
> python3-zipp:amd64 (1.0.0-6)
> End-Date: 2025-07-30 08:30:24
>
> ... sudo gets inadvertently removed within a lot of python3 packages !!!
It is only "inadvertent" because you did not like the outcome of your
own actions. The meaning of autoremove in Debian is "offer to remove
every non-essential package that no longer has any dependencies."
i.e, you only got sudo in the first place because something in there
depended on it or listed it as a recommend.
The fact that you in real life depended on it was not encoded in apckage
dependencies. As the administrator it is your duty to to know that. You
can express that you depend upon sudo being installed by manually
installing sudo by name, or using apt-mark to mark it as such. Then it
won;t be eligible for auto removal.
The only way that Debian could alter things is to make sudo an essential
package but the fact is it's not essential! Many people don't use it at
all. There are competing implementations of the same concept. There is
nothing special about sudo. These are all reasons why Debian is very
very unlikely to make a special case out of sudo.
More generally let;s say a miracle happened and Debian made sudo
essential and every new Debian install got an instal of sudo that can't
be removed. You're now happy. Until the next time you issue "apt-get
autoremove" without reading the list of what it is about to do.
The general solution to this is
1. express your dependencies
2. use dangerous commands
There is only so far the distribution can go to protect you / guess your
desires, rest is your job as admin.
> who remembers the root password ?
A rapidly assembling mob of sudo refuseniks now heading in the
direction of this thread. They got su and know how to use it.
Thanks,
Andy
PS I like sudo-rs. New in trixie! 😀
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: