Public bug reported:

[Availability]
The package sudo-common is already in Ubuntu universe.
The package sudo-common builds for the architectures it is designed to work on.
It currently builds and works for architectures: All. A binary file is not
produced by the package; only configuration files are installed.
Link to package https://launchpad.net/ubuntu/+source/sudo-common

[Rationale]
The package sudo-common is required in Ubuntu main for sudo and sudo-rs.
The package sudo-common will not generally be useful for a large part of
our user base, but is important/helpful still because it removes the dependency
on sudo for sudo-rs, as the plan is to move sudo to Ubuntu universe by 26.10.

The configuration files are identical to what has been distributed in
the previous sudo versions.

Additionally, new use cases enabled by this include providing configuration
defaults in its /usr/share/sudo-common path that are shared between sudo and
sudo-rs, thereby allowing misconfigured files to be restored without needing
internet access to download them from the sudo package itself.

There is no other/better way to solve this that is already in main or
should go universe->main instead of this, because the other
approach of shipping default configuration files in sudo-rs instead means
maintaining them in two places and increases the risk of out-of-sync
misconfiguration.

This is the first time the package will be in main.

The binary package sudo-common needs to be in main since it is a dependency
of sudo-rs version 0.2.10-1ubuntu2 and sudo version 1.9.17p2-1ubuntu2, that
are in main already.

The package sudo-common is required in Ubuntu main no later than
the day before feature freeze of 26.04 (February 16th, 2026)
to solve the current component mismatches of sudo and sudo-rs.

[Security]
No CVEs/security issues in this software in the past as it is configuration
files only and no code. Security issues arise only in context of the packages
using it (sudo and sudo-rs). Note: this package has not existed prior,
but it supplies default configuration files for the Ubuntu system meaning
that misconfigurations would have the potential of leading to security issues
in sudo/sudo-rs.

- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Security has been kept in mind and common isolation/risk-mitigation
  patterns are in place utilizing the following features:
  * Package files exist only in /usr/share/sudo-common and
    /etc/* (configuration files only). /usr/share/sudo-common can be
    read by all users but only writable by root, and /etc/* is only readable
    and writable by root.
- Package does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Package does not contain extensions to security-sensitive software

[Quality assurance - function/usage]
The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
  not have too many, long-term & critical, open bugs
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/sudo-common/+bug
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
The package does not run any test at build time because it contains no
executable code, only configuration files.

RULE:   - The package should, but is not required to, also contain
RULE:     non-trivial autopkgtest(s).
The package runs an autopkgtest (MP is up), and is currently passing on
this TBD list of architectures: all, LINK TO TEST LOGS

The package does not have failing autopkgtests right now.

[Quality assurance - packaging]
A mechanism to detect and fetch new upstream versions is not present
because it is a native package.

debian/control defines a correct Maintainer field

RULE: - It is often useful to run `lintian --pedantic` on the package to spot
RULE:   the most common packaging issues in advance
RULE: - Non-obvious or non-properly commented lintian overrides should be
RULE:   explained
This package does not yield massive lintian Warnings, Errors

https://launchpadlibrarian.net/845124858/buildlog_ubuntu-resolute-amd64.sudo-common_1.1ubuntu_BUILDING.txt.gz

lintian --pedantic generates no output (OK).

Lintian overrides are not present.

- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies

- The package will be installed by default, but does not ask debconf
  questions higher than medium

- Packaging and build is easy, content of debian/rules:
```
#!/usr/bin/make -f
%:
	dh $@
```

[UI standards]
- Application is not end-user facing (does not need translation)

[Dependencies]
 - Used check-mir from ubuntu-dev-tools to validate
   all dependencies or recommends are in main.

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- The owning team will be Foundations and I have their acknowledgment
  for that commitment.
- The future owning team is not yet subscribed, but will subscribe to
  the package before promotion

- This does not use static builds
- This does not use vendored code

- This package is not rust based

- The package has been built within the last 3 months in the archive
- Build link on launchpad:
  https://launchpad.net/ubuntu/+source/sudo-common/1.1ubuntu/+build/32198050
  Note: package is built on amd64 for "all" architectures as it contains only
  architecture independent configuration files.

- This change will not impact other teams, unless something is significantly
  broken in which case Foundations team will take care of fixing it.

[Background information]
The Package description explains the package well.

** Affects: sudo-common (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  [Availability]
  The package sudo-common is already in Ubuntu universe.
  The package sudo-common builds for the architectures it is designed to work 
on.
  It currently builds and works for architectures: All, binary file is not
  produced by package, only configuration files are installed.
  Link to package https://launchpad.net/ubuntu/+source/sudo-common
  
  [Rationale]
  The package sudo-common is required in Ubuntu main for sudo and sudo-rs.
  The package sudo-common will not generally be useful for a large part of
  our user base, but is important/helpful still because it removes the 
dependency
  on sudo for sudo-rs, as the plan is to move sudo to Ubuntu universe by 26.10.
  
+ The configuration files are identical to what has been distributed in
+ the previous sudo versions.
+ 
  Additionally new use-cases enabled by this include providing configuration
  defaults in its /usr/share/sudo-common path that are shared between sudo and
  sudo-rs, thereby allowing misconfigured files to be restored without needing
  internet access to download them from the sudo package itself.
  
  There is no other/better way to solve this that is already in main or
  should go universe->main instead of this, because the other
  approach of shipping default configuration files in sudo-rs instead means
  maintaining them in two places and increases the risk of out of sync
  misconfiguration.
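Review bot: The added sentence "The configuration files are identical to what has been distributed in the previous sudo versions" does not say which sudo version the files were compared against or how the comparison was made. Since [Security] states that a misconfiguration in these defaults could lead to security issues in sudo/sudo-rs, name the reference version and the check used (for example a per-file diff or checksum) so a reviewer can repeat it.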
  
- 
  This is the first time package will be in main
  
- The binary package sudo-common needs to be in main since it is a dependency 
+ The binary package sudo-common needs to be in main since it is a dependency
  of sudo-rs version 0.2.10-1ubuntu2 and sudo version 1.9.17p2-1ubuntu2, that
  are in main already.
  
- The package sudo-common is required in Ubuntu main no later than the 
+ The package sudo-common is required in Ubuntu main no later than the
  the day before feature freeze of 26.04 (February 16th, 2026)
  to solve the current component mismatches of sudo and sudo-rs.
  
  [Security]
  No CVEs/security issues in this software in the past as it is configuration
- files only and no code. Security issues arise only in context of the packages 
+ files only and no code. Security issues arise only in context of the packages
  using it (sudo and sudo-rs). Note: this package has not existed prior,
  but it supplies default configuration files for the Ubuntu system meaning
- that misconfigurations would have the potential of leading to security issues 
+ that misconfigurations would have the potential of leading to security issues
  in sudo/sudo-rs.
  
  - no `suid` or `sgid` binaries
  - no executables in `/sbin` and `/usr/sbin`
  - Package does not install services, timers or recurring jobs
  - Security has been kept in mind and common isolation/risk-mitigation
-   patterns are in place utilizing the following features:
-   * Package files exist only in /usr/share/sudo-common and
-     /etc/* (configuration files only). /usr/share/sudo-common can be
-     read by all users but only writable by root, and /etc/* is only readable
-     and writable by root.
+   patterns are in place utilizing the following features:
+   * Package files exist only in /usr/share/sudo-common and
+     /etc/* (configuration files only). /usr/share/sudo-common can be
+     read by all users but only writable by root, and /etc/* is only readable
+     and writable by root.
  - Packages does not open privileged ports (ports < 1024).
  - Package does not expose any external endpoints
  - Packages does not contain extensions to security-sensitive software
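Review bot: In the isolation bullet of [Security], "/etc/*" is too broad to verify, because it does not name which files the package installs under /etc or their modes. List the exact paths with owner and mode next to the statement that they are only readable and writable by root. The two bullets starting "Packages does not" should read "Package does not".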
  
  [Quality assurance - function/usage]
  The package works well right after install
  
  [Quality assurance - maintenance]
  - The package is maintained well in Debian/Ubuntu/Upstream and does
-   not have too many, long-term & critical, open bugs
+   not have too many, long-term & critical, open bugs
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/sudo-common/+bug
  - The package does not deal with exotic hardware we cannot support
  
  [Quality assurance - testing]
  The package does not run any test at build time because it contains no
  executable code, only configuration files.
  
  RULE:   - The package should, but is not required to, also contain
  RULE:     non-trivial autopkgtest(s).
- The package runs an autopkgtest, and is currently passing on
+ The package runs an autopkgtest (MP is up), and is currently passing on
  this TBD list of architectures: all, LINK TO TEST LOGS
  
  The package does have not failing autopkgtests right now.
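Review bot: The autopkgtest line now says "(MP is up)", but the following line still carries the template placeholders "TBD list of architectures" and "LINK TO TEST LOGS", so the passing claim has no evidence attached. Link the merge proposal and the test logs, drop the two leftover "RULE:" template lines, and change "does have not failing" to "does not have failing".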
  
  [Quality assurance - packaging]
  A mechanism to detect and fetch new upstream versions is not present
  because it is a native package.
  
  debian/control defines a correct Maintainer field
  
  RULE: - It is often useful to run `lintian --pedantic` on the package to spot
  RULE:   the most common packaging issues in advance
  RULE: - Non-obvious or non-properly commented lintian overrides should be
  RULE:   explained
  This package does not yield massive lintian Warnings, Errors
  
  https://launchpadlibrarian.net/845124858/buildlog_ubuntu-resolute-
  amd64.sudo-common_1.1ubuntu_BUILDING.txt.gz
  
- TODO: - Please attach the full output you have got from
- TODO:   `lintian --pedantic` as an extra post to this bug.
- Lintian overrides are not present
+ lintian --pedantic generates no output (OK).
+ 
+ Lintian overrides are not present.
  
  - This package does not rely on obsolete or about to be demoted packages.
  - This package has no python2 or GTK2 dependencies
  
  - The package will be installed by default, but does not ask debconf
-   questions higher than medium
+   questions higher than medium
  
  - Packaging and build is easy, content of debian/rules:
  ```
  #!/usr/bin/make -f
  %:
-       dh $@
+  dh $@
  ```
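Review bot: The new recipe line "dh $@" in the debian/rules excerpt is shown indented with spaces. make requires a recipe line to begin with a tab, so the excerpt stops with a "missing separator" error if copied as shown. Indent it with a single tab.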
  
  [UI standards]
  - Application is not end-user facing (does not need translation)
  
  [Dependencies]
-  - Used check-mir from ubuntu-dev-tools to validate
-    all dependencies or recommends are in main.
+  - Used check-mir from ubuntu-dev-tools to validate
+    all dependencies or recommends are in main.
  
  [Standards compliance]
  - This package correctly follows FHS and Debian Policy
  
  [Maintenance/Owner]
- - The owning team will be Foundations and I have their acknowledgment 
-   for that commitment.
+ - The owning team will be Foundations and I have their acknowledgment
+   for that commitment.
  - The future owning team is not yet subscribed, but will subscribe to
-   the package before promotion
+   the package before promotion
  
  - This does not use static builds
  - This does not use vendored code
  
  - This package is not rust based
  
  - The package has been built within the last 3 months in the archive
  - Build link on launchpad:
-   https://launchpad.net/ubuntu/+source/sudo-common/1.1ubuntu/+build/32198050
-   Note: package is built on amd64 for "all" architectures as it contains only
-   architecture independent configuration files.
+   https://launchpad.net/ubuntu/+source/sudo-common/1.1ubuntu/+build/32198050
+   Note: package is built on amd64 for "all" architectures as it contains only
+   architecture independent configuration files.
  
  - This change will not impact other teams, unless something is significantly
-   broken in which case Foundations team will take care of fixing it.
+   broken in which case Foundations team will take care of fixing it.
  
  [Background information]
  The Package description explains the package well.

https://bugs.launchpad.net/bugs/2139408

Title:
  [MIR] sudo-common
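
The [Security] checklist in the bug description can be checked mechanically against a package file listing. The following is an added example, not part of the bug report or the sudo-common packaging: it audits a listing in `dpkg-deb -c` layout for setuid/setgid bits, non-root write access, files outside the declared locations, executables in sbin, and installed jobs. The sample listing, its file names and the `JOB_DIRS` list are assumptions made for illustration.

```python
# Constructed listing in the layout printed by `dpkg-deb -c`; the file names
# are placeholders, not the real contents of sudo-common.
SAMPLE_LISTING = """\
drwxr-xr-x root/root      0 2026-01-10 12:00 ./etc/
-r--r----- root/root    700 2026-01-10 12:00 ./etc/example-policy
-rw-r--r-- root/root    700 2026-01-10 12:00 ./usr/share/sudo-common/example-default
-rwsr-xr-x root/root  90000 2026-01-10 12:00 ./usr/sbin/example-helper
-rw-rw-r-- root/staff    40 2026-01-10 12:00 ./etc/cron.d/example-job
-rw-r--r-- root/root     90 2026-01-10 12:00 ./usr/lib/systemd/system/example.timer
"""

# Locations the [Security] section declares for the package's files.
ALLOWED = ("/usr/share/sudo-common/", "/etc/")
SBIN = ("/sbin/", "/usr/sbin/")
# Assumption: where services, timers and recurring jobs would be installed.
JOB_DIRS = ("/etc/cron", "/etc/init.d/", "/etc/systemd/",
            "/lib/systemd/", "/usr/lib/systemd/")


def audit(listing, allowed=ALLOWED):
    """Return sorted (path, finding) pairs that contradict the checklist."""
    findings = set()
    for line in listing.splitlines():
        parts = line.split(None, 5)
        if len(parts) != 6 or len(parts[0]) < 10:
            continue  # not a listing row
        mode, owner = parts[0], parts[1]
        path = parts[5].split(" -> ")[0]  # drop a symlink target
        path = path[1:] if path.startswith("./") else path
        user, _, group = owner.partition("/")
        if mode[3] in "sS" or mode[6] in "sS":
            findings.add((path, "setuid/setgid bit"))
        if mode[0] != "l" and (user != "root" or mode[8] == "w"
                               or (mode[5] == "w" and group != "root")):
            findings.add((path, "writable by non-root"))
        if mode[0] == "d":
            continue  # location checks apply to files, not parent directories
        if not path.startswith(allowed):
            findings.add((path, "outside declared locations"))
        if path.startswith(SBIN) and any(c in "xst" for c in mode[3:10:3]):
            findings.add((path, "executable in sbin"))
        if path.startswith(JOB_DIRS):
            findings.add((path, "service, timer or recurring job"))
    return sorted(findings)


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_LISTING):
        print(f"{finding:32} {path}")
```

A real Debian package also ships files under /usr/share/doc/<package>/, so pass a wider `allowed` tuple when auditing an actual listing.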
