On 15/05/2026 at 21:07, Marc Haber wrote:
My idea is to ship an /etc/sudoers.d/zz_sudo_group file while keeping
the %sudo ALL rule in /etc/sudoers, documenting the doubling of the
%sudo ALL rule both in comments in /etc/sudoers (which a user will not
see if they do not accept the package changes to the file) AND in
NEWS.Debian AND in the release notes for at least forky.
In forky+1 or forky+2 we could then remove the %sudo ALL rule from /etc/
sudoers proper, while keeping the change documented in the release notes
for all relevant releases.
IIUC, the final state is that the %sudo rule is in
/etc/sudoers.d/zz_sudo_group instead of /etc/sudoers. Then I have two
questions:
1) What is the point of the intermediate state with the %sudo rule in
both files ?
2) AFAICS the final state is functionally the same as the current state,
so what is the point of this transition ?
But that is not yet decided at all, it's a fully new idea.
Not speaking for d-i maintainers, but I believe that the first step is
to define each stage of the transition of sudo package; then installer
components can be updated to accommodate to the changes, as usual.
