Thread: The Nmap Thread
Re: sudoers

I think it would be too much effort to clean up all packages to remove the package-specific sudoers files.

What might work nicely would be to re-work /usr/sbin/update-sudoers (part of sudo package), which is the one actually generating the sudoers file based on the files available under /etc/sudoers.d/ (which is where packages place their sudo-stuff).

My idea would be to patch update-sudoers so that it does nothing (hence preventing a rogue postinst from breaking your system before you have a chance to fix it) and then make a customized version of update-sudoers (called "update-sudoers-really" or something to that effect), which either does everything automatically (like now) or interactively ("do you want to integrate nmap.sudoers in your sudoers list? [y/N]") or using some rule file ("01sudoers = Y, nmap = N, powertop = Y, default = ask", etc.).

I guess the issue is not so critical for now (after all, each one can take care of his/her sudoers file), but adapting the script would be quite easy.

Then we could provide a package like "sudo-sanitize" which could replace update-sudoers using some debian-fu (alternatives) to keep dpkg and apt-get happy with replacing a file which is part of the sudo package.

I'll add it to my list.
 

The Following User Says Thank You to reinob For This Useful Post:
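
The rule-file variant described in the post above, sketched as an added example that is not part of the original post or of the sudo package. The function names, the one-rule-per-line file layout and the practice of deriving a rule name by stripping a ".sudoers" suffix are assumptions.

```shell
#!/bin/sh
# Hypothetical update-sudoers-really: merge only the snippets a rule file approves.
# Assumed rule format, one per line: "name = Y", "name = N", "name = ask", "default = ...".

# Print the decision for snippet $1 using rule file $2 (no rule, no default: ask).
rule_for() {
    awk -F= -v n="$1" '
        /^[ \t]*(#|$)/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == n         { hit = v }
        k == "default" { def = v }
        END { print (hit != "" ? hit : (def != "" ? def : "ask")) }
    ' "$2"
}

# Build $3 from the files in directory $2 that rule file $1 approves.
# Answers for "ask" entries come from stdin; anything but y/Y (or EOF) means no.
merge_sudoers() {
    tmp="$3.new.$$"
    : > "$tmp" || return 1
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .sudoers)   # nmap.sudoers -> nmap, 01sudoers stays
        decision=$(rule_for "$name" "$1")
        if [ "$decision" = ask ]; then
            printf 'Integrate %s in your sudoers list? [y/N] ' "$name" >&2
            read -r decision || decision=N
        fi
        case "$decision" in
            [Yy]) printf '# from %s\n' "$name" >> "$tmp"; cat "$f" >> "$tmp" ;;
            *)    echo "skipped: $name" >&2 ;;
        esac
    done
    # Swap the result in only once it is complete; sudoers must be mode 0440.
    chmod 0440 "$tmp" && mv -f "$tmp" "$3"
}

# Stand-alone use: script RULES SNIPPET_DIR OUTPUT
if [ "$#" -eq 3 ]; then merge_sudoers "$@"; fi
```

Point the output at a scratch file and check it with `visudo -c -f` before copying it over the live sudoers file, so a malformed snippet cannot lock you out of sudo.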