Hi Marc!
On Thu, Mar 27, 2025 at 06:01:55PM +0100, Marc Haber wrote:
> We have been shipping sudo_logsrvd by accident as we were not aware of
> that program existing. I would like to apologize for that.
No need to apologize, I can see your arguments.
Actually, it's me whih should do so, as I volunteered a long time ago to
take care of that, and then disappeared. Sorry for that. I got covered
in work after some layoffs while still keeping project :/
I see that you already clarified on the sudo list, that openssl can be
disabled at configure. So my proposal would be:
* Add --disable-openssl to the "normal" sudo binary package
* Question: Should we also disable logsrv support in the package,
given that it you transfer logs securely?
* Add openssl as builddepends. That will enable openssl support in
the sudo-ldap pacakge.
If possible / desidred before Trixie (so more or less right now):
* Split of logsrvd into a seperate binary package.
If not possible before Trixie:
* Would a low priortiy debconf question to sudo-ldap whether logsrvd should be
enabled be a good idea?
Considerationts post trixie we could:
Rename sudo-ldap to "sudo-full" and the normal sudo to sudo-minimal and a
transition package sudo pointing to sudo-minimal?
Best regards,
Alexander
