by arp242 1969 days ago
Maybe expecting projects that mostly consist of a single guy working on it in their spare time to be "NSA proof" isn't really realistic?

Folk love to bring up "responsibility" and all of that, but you can't really expect people to bear the responsibility of the world on their shoulders for their spare time projects. It's neither realistic nor fair.


No, you can’t. I think the blame shouldn’t be on this author, but on those choosing to install it or, worse, choosing to ship it on their OS.

OpenBSD replaced sudo with doas (http://man.openbsd.org/doas) in 2016 (https://www.infoworld.com/article/3099038/openbsd-60-tighten...). It’s a safe bet it’s more secure than sudo.

Sudo was (maybe still is?) an OpenBSD project. I don't believe it originated there, but their code forms/formed the basis for sudo pretty much everywhere, much like OpenSSH.
doas is a really good replacement.

Maybe something whose sole purpose is privilege escalation, like sudo, should come with some expectation of responsibility.

No, but having tests is an acceptable baseline.

There are tests. Are there enough tests? Maybe not. But people can do in their spare time whatever they want, including writing code without tests.

The thing is, "do what thou wilt" is clearly indefensible as an engineering standard, and I doubt you would disagree. So yes, I can't force anyone to write tests.

However, I do want to see programming as a culture adopt a higher standard when it comes to checking their work, and I think the continued prevalence of bugs like this is an indicator that we actually need to do so. I'm not asking for NSA-proof because that's not reasonable. But memory safety is a solved problem, and we need to be putting in the legwork to make more of our stack memory safe.

People can do what they want in their spare time, true, but that it is their spare time does not make the action responsible or irresponsible, nor does it shelter them from responsibility.

Not wearing a seatbelt when at work or in your spare time is irresponsible.

Writing code, without tests, that others use (and for security at that) is irresponsible.

Y'know, I don't agree with you in general, and you did put this in general terms.

But this is frakkin sudo we're talking about.

It's a wonder that anything works, ever.

Yeah, this goes back to the whole "Open Source and corporate funding" story. As far as I can find, sudo doesn't get any direct funding at the moment, although various companies have undoubtedly contributed patches.

It’s nice when those with differing viewpoints can find common ground over their profound disappointment with the world (or at least their profession).

Reading the code of important open source projects is not for the faint-hearted!

From https://www.sudo.ws/license.html

> THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

If you don't like this license, you're free to use other software.

What’s that got to do with what I wrote?

Nothing, as far as I can see. If someone writes some crappy security software and hides behind a licence that only means those relying on it have joined them in being irresponsible. Responsibility multiplies, it’s not zero-sum.

Parent's comment has got everything to do with yours: you are feeling like the software somehow owes you to be merchantable and fit, while the software's license explicitly rejects ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.

There is a large disconnect here.

> Writing code, without tests, that others use (and for security at that) is irresponsible.

You can choose to run this code, or you can choose not to run this code. It's really up to you.

This is very different from a seatbelt, as I can't choose to not have an accident with you, potentially causing a needless fatality.

> This is very different from a seatbelt

You can choose to wear this seatbelt, or you can choose not to wear this seatbelt. It's really up to you.

This code is advertised as a security tool, is it not? The only reason anyone runs sudo is because it (supposedly) improves their security. I think some responsibility comes with that.

I don't use sudo to improve my security; I use sudo because it's what I've become familiar with.

I don't want to come across as pedantic - the point I mean to make is that I think a lot of people use sudo without thinking about it much. Sudo's just "the way to use linux" for a lot of people I know.

I don't think the sudo contributors should be labelled as irresponsible, because everything they've added to the project is available for the public to see and scrutinise. I don't think they've ever misled people; rather, people have assumed things.

Maybe people who care about security will notice now that sudo doesn't have comprehensive testing, and will make their own alternative.

So people should be obliged to spend more of their free time?

I know this is not exactly what you're trying to say, but it is what it comes down to.

That's fine, existing software comes first, decent software comes second, sudo is the former. That said, it's a good candidate for riir (safety, right?), but riir happened to grep instead.