--- Begin Message ---
Subject: |
[PATCH] gnu: sudo: Depend on python-minimal instead of python. |
Date: |
Wed, 07 Oct 2020 19:04:27 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi,
Depending on python pulls in X11:
--8<---------------cut here---------------start------------->8---
$ guix graph --path sudo libx11
sudo@1.9.3p1
python@3.8.2
tk@8.6.10
libx11@1.6.9
--8<---------------cut here---------------end--------------->8---
which is unfortunate, especially for the Hurd.
However...do we really want to extend sudo with eh, a large programming
language that has a more impressive CVE list than a lovely tiny language
such as, say Guile? ;)
Greetings,
Janneke
>From e28a7f0679cc70f48f2583b2f3fe5f9a1984d6cc Mon Sep 17 00:00:00 2001
From: "Jan (janneke) Nieuwenhuizen" <janneke@gnu.org>
Date: Wed, 7 Oct 2020 18:49:29 +0200
Subject: [PATCH] gnu: sudo: Depend on python-minimal instead of python.
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
* gnu/packages/admin.scm (sudo)[inputs]: Use python-minimal instead of
python.
---
gnu/packages/admin.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index e62a145614..399c55a080 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1499,7 +1499,7 @@ system administrator.")
("linux-pam" ,linux-pam)
,@(if (%current-target-system)
'()
- `(("python" ,python)))
+ `(("python" ,python-minimal)))
("zlib" ,zlib)))
(home-page "https://www.sudo.ws/")
(synopsis "Run commands as root")
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#43851] [PATCH] gnu: sudo: Depend on python-minimal instead of python. |
Date: |
Fri, 09 Oct 2020 21:48:22 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Tobias Geerinckx-Rice writes:
Hello!
> Maxim Cournoyer 写道:
>> If we don't have any use for it, I think it may be better to let the
>> dependency go altogether, to keep sudo as small and secure as
>> possible.
>
> I don't think sudo is either, nor does the presence of Python affect
> that meaningfully. But let's stop this pointless discussion since
> removing it helps the Hurd progress. That's enough.
>
> The Hurd is a lot more exciting than the removal of sudo Python
> support -- and actually *will* improve security!
Thanks all, I've removed the python dependency from sudo; pushed to
master as 165e0918da54643bfaf9a6cb6b866f8692e9f8f9.
Greetings,
Janneke
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
--- End Message ---