Hi Marc!

On Thu, Mar 27, 2025 at 06:01:55PM +0100, Marc Haber wrote:

> We have been shipping sudo_logsrvd by accident as we were not aware of
> that program existing. I would like to apologize for that.

No need to apologize, I can see your arguments.
Actually, it's me whih should do so, as I volunteered a long time ago to
take care of that, and then disappeared. Sorry for that.  I got covered
in work after some layoffs while still keeping project :/


I see that you already clarified on the sudo list, that openssl can be
disabled at configure.  So my proposal would be:

* Add --disable-openssl to the "normal" sudo binary package
  * Question: Should we also disable logsrv support in the package,
    given that it you transfer logs securely?
* Add openssl as builddepends.  That will enable openssl support in
  the sudo-ldap pacakge.


If possible / desidred before Trixie (so more or less right now):

* Split of logsrvd into a seperate binary package.

If not possible before Trixie:
* Would a low priortiy debconf question to sudo-ldap whether logsrvd should be
  enabled be a good idea?


Considerationts post trixie we could:
Rename sudo-ldap to "sudo-full" and the normal sudo to sudo-minimal and a
transition package sudo pointing to sudo-minimal?


Best regards,
  Alexander

Reply via email to