> > security model. > > > > How many users of that functionality will there be? > > > > We only need to concern ourselves with the cost; you have to justify > > the benefit. How many people were doing this with sudo, and how many > > will need this with doas? > > > > While I understand it's a good idea to limit the possibilities of setuid > programs, this patch is not an overly complicated piece of code which > does network stuff or interacts with something the original programs > doesn't already use.
If I understand it right, it asks more of the bsd auth layer. > Estimating the number of users which use the feature is quite hard, but > I think many people using a yubikey use that feature at some point. Do you mean many -- as in 1% of openbsd users? I'm going to suggest less than 1% of openbsd users by far. Kind of making the word many meaningless.