imagine if he said fuck it and turned sudo into a crypto mining malware
$udo
To be honest, it wouldn't take much for distro maintainers to detect that and stop it
Lulz would be had.
It’s been 12 years since Heartbleed and we’ve had numerous ”lone maintainer” issues since then. The situation shouldn’t come as a surprise or be especially ”hard to believe”.
This is the state of free software, especially when it matures.
Unless the creators manage to roll some kind of ”commercial” version, it’s not very sustainable in the long run. Turns out many eyes don’t really equal many PRs
This is the state of free software, especially when it matures.
The state of free software also includes the fact that even if the sudo maintainer doesn't find support, no one steps up and sudo becomes unmaintained, sudo-rs, doas, opendoas, run0 and please already exist as alternatives.
and let's not forget - systemd, which has RedHat money backing it up.
Hope you don't see who pays for kernel development…
Why? I'm not against developers getting paid to do FOSS work. It's far more reasonable than the whole "bazaar of free people"-model that lives entirely on ideology.
hang on, there's one called please? Are there any downsides with using please instead of sudo?
It promotes familiarity with the machine which is best to avoid. Except of course if the machine uprising happens, then it would be in you favour to have been using it for years.
In my experience a lot of these old projects really go out of their way to dissuade contributions anyway. Lots of naysaying "it's always been like that", ancient infrastructure - e.g. insisting on git send-email patches, etc.
Usually the only way it gets resolved is when someone writes a more modern competitor and it starts gaining traction. Suddenly all those improvements that people tried to do and were told were impossible and stupid aren't such a bad idea after all.
I don't think that's the case with Unity but it probably is with things like GCC, sudo, sysvinit, X11, etc.
That Ubuntu unity article where the maintainer was a 10 year old when he started the project but now has shit to do is pretty funny.
Please link article thanks
This has been depressing for a while now. I’m a big Unity fan and I’m concerned about the future.
"Maybe someone could teach us how things are done so that we can take it over in time," Adamietz added.
Wasn’t any of this documented anywhere? And who are these other team members they interviewed? How is it they don’t know how to write code? Are they just manual testers or something?
I’d try to help myself if there was some decent documentation on where to begin. But if it’s all in this kids head, we might be kinda fucked.
Following publication, Miller has been in touch to tell us that he has no plans to abandon sudo, or even hand it off, but he suspects change is still on the horizon for the essential tool.
"While I don't expect to maintain sudo for an additional 30 years, I also don't currently have someone to pass the torch to," Miller told us. He noted that the xz utils backdoor has made him hesitant to hand it off to someone he doesn't know, and that he "feels responsible for sudo" after having spent so long as its lead dev and maintainer.
Unfortunately, a lack of financial backing means sudo work has ground to a glacial pace.
"Since I have limited time I've mostly been focused on fixing bugs and cleaning up the code base rather than adding new features," Miller said. "As a result the amount of time I spend is heavily influenced by the bug reports I receive."
Funding or not, Miller expects sudo-rs to become the next generation of the tool in coming years.
"Ubuntu is already shipping sudo-rs as the default sudo command in their latest versions," Miller told us. "I've been in contact with the people working on sudo-rs since the project started and I trust them to do right by the sudo user base."
Regardless of what happens, Miller agrees the sudo situation he's in is yet another example of how open-source maintainers is putting the entire computing community in a bind.
"Without some form of assistance it is untenable," Miller said. "Maintainer burn-out is real."
It reminds me somehow on the famous xkcd webcomic: https://xkcd.com/2347
Edit for an addition: Maybe it's also a reminder that we should frequently donate when we use FOSS.
Funding or not, Miller expects sudo-rs to become the next generation of the tool in coming years.
"Ubuntu is already shipping sudo-rs as the default sudo command in their latest versions," Miller told us. "I've been in contact with the people working on sudo-rs since the project started and I trust them to do right by the sudo user base."
Projects don't last forever, and when they inevitably end, it's an opportunity to switch to something newer and hopefully better. Sudo coming to an end, if it does, will just force people onto alternatives.
Being open source, sudo will always exist, whether someone else wants to maintain it, fork it, use it as-is, or just reference it. It's because it's open source that it can serve a purpose even beyond its EOL.
Anyway, sudo's not dead yet, so there's still plenty of time for people to look at what's out there. Some distros have already moved to, or are considering moving to, alternatives like sudo-rs, so I'd expect that to continue.
According to the above Robert Manner and AZero13 also have one contribution each. There's also the https://opencollective.com/sudo-project which has a board.
If Todd wants to pass off the project he has all the resources to do this.
Excuse me, but how isn't this a core feature, or do I think too complicated?
Don't tap Jia Tan…
Isn't the whole point of FOSS software that anyone can fork it?
The article points out that sudo has already been forked by Ubuntu maintainer canonical into sudo-rs which reimplements sudo in rust with better memory protections. It also states that the maintainer of sudo expects sudo-rs to be the future of sudo.
sudo-rs is not a fork.
You can fork it. Are you gonna maintain your fork? Is your fork going to be adopted by the majority of distributions?
Just waiting for another xz utils situation
The fact that the FOSS model is still considered the best thing ever is so sad to me. The "free" part is clearly not working. Or rather it is working as is now intended: free labour for the private sector to exploit.
The Telekommunist Manifesto for the longer version of this 🙃
I'm not so sure the "open source" part is working either when you think about how AI tools were trained.
It's really sad, because the accessibility of developing software and collaborative nature of the open source community is a big part of what drew me to software engineering as a career, and it's always been one of the first things I mention about why I love it. But, of course, these fucking evil companies found a way to take every individual part of something good and twist it into something awful.
Funny, you are using with lemmy something for free, which is to some extent in the spirit of FOSS.
How is the free part not working? FOSS is the cure of the industry. Or do you think Adobe and Microsoft is working that great? Imagine if we didn't have FOSS...
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities !webdev@programming.dev
