Carefully But Purposefully Oxidising Ubuntu

What about sudo-rs?

The install error will be resolved once sudo-rs is promoted to main. Bug #2113928 “[MIR] rust-sudo-rs” : Bugs : rust-sudo-rs package : Ubuntu

So we’re rushing the adoption of a replacement for a battle-tested, rock-solid, absolutely fundamental suite of tools, a replacement that is on a version as early as 0.2.0; we’re doing it on Ubuntu 25.10, but really aiming at the next LTS version of Ubuntu, doing so before any other major distributions dare switch, changing the license along the way, knowing that it is feature-incomplete (naturally, it being so early in the development cycle), on a distribution as omnipresent on servers everywhere as Ubuntu LTS is, all of that with the sheer promise that it will be “memory-safe”?

That sounds like a very ideological decision, disguised as a technical one.

4 Likes

From a security perspective using Rust seems like a compromise in this case; while potentially gaining “memory safety” in future development, there is an increased risk of supply chain attacks due to the Cargo package manager system. Sure, you get “modern” coreutils, but also “modern” attack surfaces.

3 Likes

The project comes with locked dependencies, and I’m sure no PR that touches dependencies will be approved without inspecting what the added dependencies actually do. IMO this is more transparent with cargo than with autotools. Crates get tested automatically and reviewed by an increasing number of experts, and they’re not pulling random crates that are low quality.

1 Like
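The review step discussed above (inspecting any change to locked dependencies) can be partly automated. The following is an added example, not part of any post in this thread and not code from the sudo-rs project: it compares two `Cargo.lock` files and lists what a reviewer should look at. The crate names, versions, checksums and the `git.example` URL are constructed, and the parser assumes the plain `key = "value"` layout that cargo itself writes.

```python
import re

CRATES_IO = "registry+https://github.com/rust-lang/crates.io-index"
FIELD = re.compile(r'^(name|version|source|checksum) = "([^"]*)"$', re.M)

def parse_lock(text):
    """Map (name, version) -> fields of each [[package]] entry in a Cargo.lock."""
    packages = {}
    for block in text.split("[[package]]")[1:]:
        fields = dict(FIELD.findall(block))
        packages[(fields["name"], fields["version"])] = fields
    return packages

def review_lock_change(old_text, new_text):
    """List what a reviewer should inspect before approving a lockfile change."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    findings = []
    for key in sorted(new):
        pkg, label = new[key], f"{key[0]} {key[1]}"
        if key not in old:
            findings.append(f"added: {label}")
        elif pkg.get("checksum") != old[key].get("checksum"):
            # Same name and version must always resolve to the same bytes.
            findings.append(f"checksum changed, same version: {label}")
        source = pkg.get("source")
        if source is None:
            continue  # workspace or path member: no source, no checksum
        if source != CRATES_IO:
            findings.append(f"not from crates.io: {label}")
        elif "checksum" not in pkg:
            findings.append(f"registry crate without checksum: {label}")
    findings += [f"removed: {k[0]} {k[1]}" for k in sorted(set(old) - set(new))]
    return findings

def entry(name, version, source=None, checksum=None):
    """Build one constructed [[package]] entry for the sample lockfiles."""
    lines = ["[[package]]", f'name = "{name}"', f'version = "{version}"']
    lines += [f'source = "{source}"'] if source else []
    lines += [f'checksum = "{checksum}"'] if checksum else []
    return "\n".join(lines) + "\n\n"

# Constructed sample data: all names, versions and checksums are invented.
OLD_LOCK = entry("demo-tool", "0.1.0") + entry("example-util", "1.2.0", CRATES_IO, "a" * 64)
NEW_LOCK = (entry("demo-tool", "0.1.0")
            + entry("example-util", "1.2.0", CRATES_IO, "b" * 64)
            + entry("example-log", "0.3.1", "git+https://git.example/example-log#0000000"))

if __name__ == "__main__":
    for finding in review_lock_change(OLD_LOCK, NEW_LOCK):
        print(finding)
```

A version bump shows up as one `removed` and one `added` line for the same crate name, which is the expected shape of a routine update.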