this post was submitted on 04 Feb 2026
380 points (99.5% liked)

Programming

25249 readers
698 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
380
Sudo maintainer, handling utility for more than 30 years, is looking for support (www.theregister.com)
submitted 18 hours ago by randomname@scribe.disroot.org to c/programming@programming.dev
72 comments fedilink hide all child comments
 

It's hard to imagine something as fundamental to computing as the sudo command becoming abandonware, yet here we are: its solitary maintainer is asking for help to keep the project alive.

Archived version

top 50 comments
sorted by: hot top controversial new old
[–] Slashme@lemmy.world 10 points 1 hour ago

Following publication, Miller has been in touch to tell us that he has no plans to abandon sudo, or even hand it off, but he suspects change is still on the horizon for the essential tool.

"While I don't expect to maintain sudo for an additional 30 years, I also don't currently have someone to pass the torch to," Miller told us. He noted that the xz utils backdoor has made him hesitant to hand it off to someone he doesn't know, and that he "feels responsible for sudo" after having spent so long as its lead dev and maintainer.

Unfortunately, a lack of financial backing means sudo work has ground to a glacial pace.

"Since I have limited time I've mostly been focused on fixing bugs and cleaning up the code base rather than adding new features," Miller said. "As a result the amount of time I spend is heavily influenced by the bug reports I receive."

Funding or not, Miller expects sudo-rs to become the next generation of the tool in coming years.

"Ubuntu is already shipping sudo-rs as the default sudo command in their latest versions," Miller told us. "I've been in contact with the people working on sudo-rs since the project started and I trust them to do right by the sudo user base."

Regardless of what happens, Miller agrees the sudo situation he's in is yet another example of how open-source maintainers is putting the entire computing community in a bind.

"Without some form of assistance it is untenable," Miller said. "Maintainer burn-out is real."

[–] please_send_me_nudes_girl 4 points 1 hour ago

Excuse me, but how isn't this a core feature, or do I think too complicated?

[–] WorldsDumbestMan@lemmy.today 0 points 30 minutes ago

Or get this: Linux is perfect as it is, so are current PC's.

Ship it pre-installed on shovelware PC's, you don't need better.

[–] Defectus@lemmy.world 3 points 4 hours ago

One does not simply maintain sudo (lotrmeme.jpg)

[–] TehPers@beehaw.org 18 points 12 hours ago (1 children)

Funding or not, Miller expects sudo-rs to become the next generation of the tool in coming years.

"Ubuntu is already shipping sudo-rs as the default sudo command in their latest versions," Miller told us. "I've been in contact with the people working on sudo-rs since the project started and I trust them to do right by the sudo user base."

Projects don't last forever, and when they inevitably end, it's an opportunity to switch to something newer and hopefully better. Sudo coming to an end, if it does, will just force people onto alternatives.

Being open source, sudo will always exist, whether someone else wants to maintain it, fork it, use it as-is, or just reference it. It's because it's open source that it can serve a purpose even beyond its EOL.

Anyway, sudo's not dead yet, so there's still plenty of time for people to look at what's out there. Some distros have already moved to, or are considering moving to, alternatives like sudo-rs, so I'd expect that to continue.

[–] crmsnbleyd@sopuli.xyz 1 points 4 hours ago (2 children)

sudo-rs might never be adopted as a default in many distros precisely because it's in rust. or rust adoption gets better and better to the point that it runs everywhere.

[–] TehPers@beehaw.org 1 points 28 minutes ago

It doesn't have to be. There are multiple sudo alternatives.

[–] biotin7@sopuli.xyz 3 points 1 hour ago (1 children)

Actually it's because of the licence

[–] vala@lemmy.dbzer0.com 2 points 1 hour ago

Absolutely. Rust is great. The license change is terrible.

[–] breadsmasher@lemmy.world 112 points 18 hours ago (4 children)

imagine if he said fuck it and turned sudo into a crypto mining malware

[–] Scrollone@feddit.it 19 points 12 hours ago (1 children)

To be honest, it wouldn't take much for distro maintainers to detect that and stop it

[–] JustEnoughDucks@feddit.nl 2 points 3 hours ago (1 children)

But who is seriously looking at the sudo code at every update. I would bet a lot of money that the vast majority simply trust him and gloss over it maximum.

The chain of trust has to exist otherwise distrobox maintainers would spend 24 hours a day reviewing code changes and only update once every 6 months.

[–] cows_are_underrated@feddit.org 2 points 59 minutes ago

You may want to look into how the xz backdoor has been discovered. That backdoor was very well hidden. Implementing a crypto mining malware would be blatantly obvious and yes, people do in fact look at such code

[–] muhyb@programming.dev 61 points 18 hours ago

$udo

load more comments (2 replies)
[–] 0xtero@beehaw.org 79 points 17 hours ago (2 children)

It’s been 12 years since Heartbleed and we’ve had numerous ”lone maintainer” issues since then. The situation shouldn’t come as a surprise or be especially ”hard to believe”.

This is the state of free software, especially when it matures.

Unless the creators manage to roll some kind of ”commercial” version, it’s not very sustainable in the long run. Turns out many eyes don’t really equal many PRs

[–] mech@feddit.org 39 points 16 hours ago* (last edited 13 hours ago) (4 children)

This is the state of free software, especially when it matures.

The state of free software also includes the fact that even if the sudo maintainer doesn't find support, no one steps up and sudo becomes unmaintained, sudo-rs, doas, opendoas, run0 and please already exist as alternatives.

[–] sbeak@sopuli.xyz 5 points 2 hours ago (2 children)

hang on, there's one called please? Are there any downsides with using please instead of sudo?

[–] mech@feddit.org 3 points 2 hours ago (1 children)

From what I can see, it's a sudo clone with added optional regex functionality, written in Rust.
So you can use it just like sudo, or you can limit superuser rights to directory names that contain a 💩 emoji, but only on Mondays.

[–] sbeak@sopuli.xyz 2 points 40 minutes ago

Interesting. I just found out that you can just use alias to use please instead of sudo which is cool!

[–] Brickhead92@lemmy.world 4 points 2 hours ago

It promotes familiarity with the machine which is best to avoid. Except of course if the machine uprising happens, then it would be in you favour to have been using it for years.

load more comments (3 replies)
[–] FizzyOrange@programming.dev 22 points 15 hours ago (1 children)

In my experience a lot of these old projects really go out of their way to dissuade contributions anyway. Lots of naysaying "it's always been like that", ancient infrastructure - e.g. insisting on git send-email patches, etc.

Usually the only way it gets resolved is when someone writes a more modern competitor and it starts gaining traction. Suddenly all those improvements that people tried to do and were told were impossible and stupid aren't such a bad idea after all.

I don't think that's the case with Unity but it probably is with things like GCC, sudo, sysvinit, X11, etc.

[–] srestegosaurio@lemmy.dbzer0.com 3 points 5 hours ago

I think that's at least a big part of it. There's so much unnecessary friction in legacy projects that, while understandable to a degree, sucks.

[–] roguetrick@lemmy.world 62 points 17 hours ago (4 children)

That Ubuntu unity article where the maintainer was a 10 year old when he started the project but now has shit to do is pretty funny.

load more comments (4 replies)
[–] some_guy 8 points 12 hours ago

Don't tap Jia Tan…

load more comments
view more: next ›