by eevilspock 1470 days ago
I'm leery of configuring user code to automatically modify system files, especially security related ones. I think your tool should at least have an option to ask user confirmation, perhaps showing the expected file diff, before making its change. https://github.com/YuriyGuts/persistent-touch-id-sudo/issues...

System updates are not frequent. I prefer doing it manually, and just automating a notification that it needs to be redone. I added this to my `.bashrc`:

    if ! grep -q "pam_tid.so" /etc/pam.d/sudo ; then
      echo "touch ID no longer enabled for sudo. Insert the following line as line 2 in /etc/pam.d/sudo:"
      echo "  auth   sufficient  pam_tid.so  # enables touch id auth for sudo"
    fi
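A confirm-before-write variant of the check above, added here as an example rather than code from the thread or from the persistent-touch-id-sudo project; the `/etc/pam.d/sudo` path, the exact pam line and the "insert as line 2" placement are taken from the comment, and the constructed sample file in the comments is an assumption:

```bash
#!/bin/bash
# Added example (not from the thread): check /etc/pam.d/sudo for pam_tid.so,
# show the proposed diff, and write only after an explicit "y".
PAM_SUDO="${PAM_SUDO:-/etc/pam.d/sudo}"
TID_LINE='auth       sufficient     pam_tid.so'

# Returns 0 when Touch ID is already enabled in the given pam file.
tid_enabled() {
  grep -q 'pam_tid.so' "$1"
}

# Print the file with the pam_tid line inserted as line 2 (line 1 is the
# "# sudo: auth account password session" header on macOS). A file shorter
# than two lines gets the line appended instead of silently skipped.
proposed_contents() {
  awk -v line="$TID_LINE" \
    'NR == 2 { print line } { print } END { if (NR < 2) print line }' "$1"
}

# Show the unified diff and ask before touching the system file.
# Usage (interactive): apply_with_confirmation "$PAM_SUDO"
apply_with_confirmation() {
  local file="$1" tmp answer
  if tid_enabled "$file"; then
    echo "pam_tid.so already present in $file"
    return 0
  fi
  tmp="$(mktemp)"
  proposed_contents "$file" > "$tmp"
  echo "Proposed change to $file:"
  diff -u "$file" "$tmp" || true   # diff exits 1 when files differ
  printf 'Apply this change? [y/N] '
  read -r answer
  if [ "$answer" = "y" ]; then
    sudo cp "$tmp" "$file"         # copy over the original to keep its mode/owner
  else
    echo "No changes made."
  fi
  rm -f "$tmp"
}
```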

This is a reasonable concern. Although, whenever a security-convenience tradeoff is involved, different users will inevitably have different preferences and tolerance for automation. Some will prefer to do things manually, while others will prefer something that "just works" for them.
That's why I said "should at least have an option". And even when that option is enabled, it still "just works", but with a simple user confirmation and perhaps a visual of the file before and after (What if Apple changes the file format?).

I think you overstate this tradeoff in this case since there is a win-win solution.

System updates are pretty frequent if you’re on a developer train.