Date: Fri, 23 Jul 2021 05:32:59 -0500 (CDT)
From: Ariadne Conill
To: ~alpine/devel@lists.alpinelinux.org
Subject: [3.15] System change proposal: Move sudo to community

The following system change proposal has been submitted to the Technical Steering Committee. If you are interested, please comment on https://gitlab.alpinelinux.org/alpine/tsc/-/issues/1 so that the TSC can consider your feedback.

===

## Summary

At present, `sudo` is in the `main` repository, which requires us to provide security support for 2 years. Upstream `sudo` does not provide an "LTS" lifecycle, so this requires either performing security upgrades during the maintenance lifecycle, or backporting security fixes by hand.

## Benefit to Alpine

Prior to the creation of the security team, there was an unofficial preference to push `doas` as the preferred pivot tool for Alpine. This reinforces that messaging. Additionally, we do not have to support `sudo` for a 2 year lifecycle, since there are no LTS branches for it.

## Contingency Plan

If there is a problem with implementing this plan, we will move `sudo` back to `main` from `community`, but no such problem is expected.

## Documentation

This will need to be documented in the release notes. We should recommend `doas` as the preferred pivot tool, noting that `sudo` is available in `community` if explicitly wanted.

## Owners

@kdaudt and @kaniini will implement this change on behalf of @team/security.

## Timeline

We would like to implement this change within the next few weeks, with TSC approval.

===

Ariadne