Todd C. Miller – Sudo maintainer for over 30 years

Maintainer funding & corporate responsibility

  • Many are alarmed that a core security tool like sudo, used across Unix/Linux infrastructure, depends on one maintainer now seeking sponsorship.
  • Commenters argue large tech companies and hyperscalers heavily rely on such tools yet rarely fund them, comparing this to “death of the commons” and “vampiric” corporate behavior.
  • Some counter that enterprise distros vendor specific sudo versions and maintain their own patched snapshots, so upstream funding does not directly affect already-deployed systems.

Licensing, capitalism, and OSS exploitation

  • Several see this as evidence that the open source ideal met capitalism and lost: maintainers can’t pay rent, yet their work underpins “trillions” in value.
  • Suggestions include more onerous corporate licenses (revenue share, commercial-only fees), “only humans get freedom zero,” or explicitly pay‑to‑play licenses.
  • Others doubt licenses can restrain powerful actors; they note that companies may just fork/clone instead of paying.
  • Broader ideological debates appear: criticism of libertarianism in OSS, arguments over GPL, copyright, and even communism vs capitalism.

How critical is sudo and should it be “done”?

  • One camp: sudo is “one of the most critical” utilities and must receive ongoing security and compatibility updates; software is never truly finished.
  • Another camp: sudo is a convenience tool, not indispensable—systems can run with root/su or alternatives—and the project has severe feature bloat for a security‑sensitive binary.
  • People are surprised by monthly releases and obscure features (an LDAP sudoers backend, a TLS listener, complex sudoers syntax), seeing each one as added attack surface in a setuid-root binary.
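The "complex sudoers syntax" point is concrete: several idioms that look like narrow grants are equivalent to handing out a root shell. The checker below is an added example written for this page, not code from the thread or from the sudo project. It runs over a constructed sample sudoers file and flags the patterns named in its comments (NOPASSWD ALL, editors and pagers with shell escapes, wildcard arguments, env_keep of loader variables, env_reset disabled). The severity labels, the list of shell-escape binaries and the sample rules are assumptions chosen for illustration; aliases, host lists and include files are deliberately not resolved.

```python
import os
import re

# Constructed sample sudoers file for illustration; not taken from any real host.
SAMPLE_SUDOERS = """\
# Constructed sample, illustration only
Defaults    env_reset
Defaults    env_keep += "LD_PRELOAD"
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL) NOPASSWD: ALL
deploy      ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
backup      ALL=(root) /usr/bin/vim /etc/backup.conf
ops         ALL=(root) /usr/bin/find /var/log *
auditor     ALL=(root) /usr/bin/less /var/log/auth.log
"""

# Programs with well-known shell escapes (":!sh" in vim, "!sh" in less, "-exec" in
# find, ...); sudo access to any of them is sudo access to a root shell. Assumed list.
SHELL_ESCAPE_BINARIES = {"vi", "vim", "view", "less", "more", "man", "find",
                         "awk", "perl", "python", "python3", "env", "nmap"}
# Variables that let the caller load code into the privileged process.
DANGEROUS_ENV = {"LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "PERL5LIB", "BASH_ENV", "ENV"}

TAG_RE = re.compile(r"\b(?:NOPASSWD|PASSWD|SETENV|NOSETENV|NOEXEC|EXEC|LOG_INPUT|NOLOG_INPUT|"
                    r"LOG_OUTPUT|NOLOG_OUTPUT|MAIL|NOMAIL|FOLLOW|NOFOLLOW|INTERCEPT|NOINTERCEPT)\s*:")
USER_SPEC_RE = re.compile(r"^(?P<user>\S+)\s+(?P<hosts>[^\s=]+)\s*=\s*(?P<rest>.+)$")
DEFAULTS_RE = re.compile(r"^Defaults(?:[:@!>]\S+)?\s+(?P<body>.+)$")
ALIAS_KEYWORDS = ("User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def _logical_lines(text):
    """Yield (first_line_no, text) with comments removed and '\\' continuations joined."""
    pending, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        start = no if start is None else start
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        yield start, (pending + line).strip()
        pending, start = "", None


def _finding(severity, line_no, message):
    return {"severity": severity, "line": line_no, "message": message}


def _audit_defaults(no, body, findings):
    if re.search(r"(^|,)\s*!env_reset\b", body):
        findings.append(_finding("high", no, "env_reset disabled: caller controls the privileged environment"))
    m = re.match(r'env_keep\s*\+?=\s*"?([^"]*)"?', body)
    for var in sorted(set(m.group(1).split()) & DANGEROUS_ENV) if m else []:
        findings.append(_finding("high", no, f"env_keep preserves {var}: code injection into the privileged process"))


def _audit_user_spec(no, line, findings):
    m = USER_SPEC_RE.match(line)
    if not m:
        findings.append(_finding("info", no, "line not understood by this checker"))
        return
    user, rest = m.group("user"), m.group("rest")
    if user == "root":          # root granting itself ALL is the normal baseline
        return
    nopasswd = False            # a tag carries over to later commands in the same list
    for spec in rest.split(","):
        spec = re.sub(r"^\(.*?\)\s*", "", spec.strip())         # drop a (runas) list
        tags = {t.rstrip(":").strip() for t in TAG_RE.findall(spec)}
        nopasswd = (nopasswd or "NOPASSWD" in tags) and "PASSWD" not in tags
        cmd = TAG_RE.sub("", spec).strip()
        if cmd == "ALL":
            sev = "critical" if nopasswd else "high"
            findings.append(_finding(sev, no, f"{user}: any command as root, "
                                     + ("no password" if nopasswd else "password required")))
            continue
        argv = cmd.split() or [""]
        base = os.path.basename(argv[0])
        if base in SHELL_ESCAPE_BINARIES:
            findings.append(_finding("high", no, f"{user}: {base} has a shell escape, rule equals a root shell"))
        if any("*" in a for a in argv[1:]):
            # sudo wildcards also match whitespace: "find /var/log *" admits "find /var/log -exec sh ;"
            findings.append(_finding("medium", no, f"{user}: wildcard argument to {base} lets extra flags in"))


def audit_sudoers(text):
    """Return findings (dicts with severity, line, message) in file order."""
    findings = []
    for no, line in _logical_lines(text):
        if line.startswith("@") or line.startswith(ALIAS_KEYWORDS):
            continue                      # include directives and aliases are not resolved here
        d = DEFAULTS_RE.match(line)
        if d:
            _audit_defaults(no, d.group("body"), findings)
        else:
            _audit_user_spec(no, line, findings)
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {f['line']:>2} [{f['severity']}] {f['message']}")
```

On the sample, the only rule that passes clean is the deploy line: one fixed binary with fixed arguments, which is the shape a grant should have whether it lives in sudoers, doas.conf or a polkit rule. The `ops` line is the instructive one: `find /var/log *` reads as "search the log directory" but, because a sudoers wildcard also matches spaces, it accepts `-exec` and any other flag the caller appends. Running this against `visudo -c -f` output on real hosts is the point; the sample only shows the shape of each finding.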

Alternative tools and Rust rewrites

  • Alternatives discussed: doas/OpenDoas, run0 (systemd), polkit for scoped privilege, and sudo‑rs (Rust).
  • Opinions on Rust rewrites are split: some see them as modernization and evolution; others see attention‑seeking rewrites that rarely match original quality and sometimes serve to sidestep GPL‑style licensing.

Proposed funding mechanisms

  • Ideas: Patreon/GitHub Sponsors/OpenCollective; per‑CPU or per‑commercial‑use fees; government or EU‑style grants; VAT on digital services funding OSS; foundation‑mediated corporate funding; tooling that analyzes shell history and suggests donations.
  • Many note practical barriers: micropayment fees, overhead of setting up businesses, distros stripping nags, lack of maintainer leverage, and cultural expectation of free labor.