You could say the same thing about sudo. Sudo's codebase is massive, compared to alternatives like doas, but it comes with many features doas does not have, like being able to ask a remote LDAP server if a user will be able to escalate.
I find it absurd that we have just simply accepted the idea of a setuid binary with built in networking code, as our primary admin escalation tool. 100,000+ lines of C code, code that has had multiple buffer overflow exploits*, in a setuid binary, just for temporary admin privileges. Does that seem necessary to you?
Polkit provides an alternative to that. If you don't need the features, then fine, you don't have to use run0 — but then you can't use sudo without being a hypocrite. No longer do I have to have rely on a setuid binary that tries to do everything in one program when I really need sudo's features, instead polkit handles authentication (including asking remote resources if an action is okay), and run0 handles actual escalation.
In another comment in this thread, you mention sudo being lightweight — which is outright false. Compared to doas or su, it's extremely heavyweight, and with that complexity comes more risk of vulnerabilities. You also mention pkexec, for executing with polkit, but pkexec is also setuid, and has many of the same pitfalls.
No one complained when s6, another init system, also offered a sudo alternative (before systemd did, too). But when Poettering does it, it's bad and wrong and ununixlike!
Maybe setuid has been extremely problematic, and more than one entity has sought alternatives?
Old version docs tend to offer you a redirect to more recent docs
Sadly, the docs, I've worked with (openstack and ansible) frequently, don't do this. They have a button to go to the latest version of the docs, but not to the equivalent page on the latest version. This means I have to find the equivalent page again, from the integrated search usually.
And yes, a lot can change between versions. New features can get added that solve your problems or older stuff can get removed.
Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway,
Except for people in China (blocked in China) or people on ipv6 only networks, since Github hasn't bothered to support ipv6, cutting out those in countries where ipv4 addresses are scarce.
So yes, it does matter. Both gitlab and codeberg, the two big alternatives, both support ipv6 (idk about them being blocked in china). They also support github logins, so you dob't even need to make an account.
And it's not a black or white. Software freedom is a spectrum, not a binary. We should strive to use more open source, decentralized software, while recognizing that many parts are going to be out of our immediate control, like the backbone of the internet or little pieces like proprietary firmware.
Sometimes I've seen people complain about people using asklemmy for not askreddit style questions, but I actually think that's ok and I'm in favor of that as it means more discussion, content, and visibility.
Eventually asklemmy will reach "critical mass", and split into more niche communities.
The python3 package should contain the entire python standard library
You are free to use a distro which does not split packages, favorite distro, Arch Linux (btw).
Or, you can install the recommended dependencies of python3. Testing in a container, the python3 package pulls:
root@a72bd55a3c1a:/# apt install python3
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3
libkeyutils1 libkrb5-3 libkrb5support0 libncursesw6 libnsl2
libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl
python3-minimal python3.11 python3.11-minimal readline-common
Suggested packages:
gpm krb5-doc krb5-user python3-doc python3-tk python3-venv python3.11-venv
python3.11-doc binutils binfmt-support readline-doc
The following NEW packages will be installed:
ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3
libkeyutils1 libkrb5-3 libkrb5support0 libncursesw6 libnsl2
libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3
python3-minimal python3.11 python3.11-minimal readline-common
0 upgraded, 26 newly installed, 0 to remove and 18 not upgraded.
python3-venv python3.11-venv
I find it odd, because debian does this by default, actually. They account for usecases like yours, and instead you have to edit a config file or use a command line flag to get it to not install recommended dependencies.
I guess someone is super happy they saved a few hundreds kilobytes of disk space though.
Yes. All the people basing docker images off if debian, and trying to get them as small as possible. The splitting up of packages, allows people to only pull in what they need.