Package: kde-cli-tools
Version: 4:5.10.5-2
Severity: important

Dear Maintainer,

kde-cli-tools 4:5.12.4-1 has a hard dependency on kdesu, which indirectly depends on sudo, making it impossible to upgrade KDE without creating a serious, unnecessary security risk.

Frankly, I consider it a bug that sudo is available in Debian at all. Others obviously disagree, but that's no reason to tie unrelated packages to it like this.

Please move kdesu into its own package, and make it optional again.

In the meantime, others with my concern can mitigate this risk by neutralizing sudo before installing it. To do that, run the following command (as root) before installing sudo:

    # dpkg-statoverride --add root root 644 /usr/bin/sudo

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kde-cli-tools depends on:
ii  kde-cli-tools-data    4:5.10.5-2
ii  kio                   5.37.0-2
ii  libc6                 2.26-6
ii  libkf5completion5     5.37.0-2
ii  libkf5configcore5     5.37.0-2
ii  libkf5configwidgets5  5.37.0-2
ii  libkf5coreaddons5     5.37.0-3
ii  libkf5i18n5           5.37.0-2
ii  libkf5iconthemes5     5.37.0-2
ii  libkf5kcmutils5       5.37.0-2
ii  libkf5kiocore5        5.37.0-2
ii  libkf5kiowidgets5     5.37.0-2
ii  libkf5service-bin     5.37.0-2
ii  libkf5service5        5.37.0-2
ii  libkf5su-bin          5.37.0-2
ii  libkf5su5             5.37.0-2
ii  libkf5widgetsaddons5  5.37.0-2
ii  libkf5windowsystem5   5.37.0-2
ii  libqt5core5a          5.9.2+dfsg-9
ii  libqt5dbus5           5.9.2+dfsg-9
ii  libqt5gui5            5.9.2+dfsg-9
ii  libqt5svg5            5.9.2-3
ii  libqt5widgets5        5.9.2+dfsg-9
ii  libqt5x11extras5      5.9.2-1
ii  libstdc++6            7.3.0-1
ii  libx11-6              2:1.6.4-3

kde-cli-tools recommends no packages.

kde-cli-tools suggests no packages.

-- no debconf information