30+ years maintaining one of the most critical pieces of infrastructure on nearly every Linux and Unix system, and he's currently looking for a sponsor to fund continued development. Every company running sudo in production owes this man. Someone should fix that.
This is a good example of Diffusion of Responsibility.
Everybody thinks somebody else should help, so nobody does.
Right? A company to step up and cut a check to support this would get positive publicity, and they're doing something good for the community at large. Someone step up.
You can only fix that with leverage. The sudo maintainer doesn't have it. sudo is valuable, but if Todd stepped away, you could (and would) find other maintainers because it's so important.
If you want to fix it, you need organizational heft comparable to the companies using it, and the ability & willingness to make freeriding a more painful experience.
I disagree on "the most critical" part. You can be superuser at all times. I understand the arguments why not; I am pointing out that this is possible. Despite people claiming aliens will arrive and nothing will work, everything works fine when the superuser account is used too.
Also, I disagree that every company needs to pay the man. Funding is important, yes, but a *nix system is not crippled without sudo. You can change the permission systems. The superuser can do so too. It is not black magic. The permission system is trivial. sudo is simply a feature of convenience, not an "if sudo does not exist, nothing works" - that just makes no sense.
Why would you be running sudo in production? A production environment should usually be set up properly with explicit roles and normal access control.
Sudo is kind of a UX tool for user sessions where the user fundamentally can do things that require admin/root privileges but they don't trust themselves not to fat finger things so we add some friction. That friction is not really a security layer, it's a UX layer against fat fingering.
I know there is more to sudo if you really go deep on it, but the above is what 99+% of users are doing with it. If you're using sudo as a sort of framework for building setuid-like tooling, then this does not apply to you.
Whenever people say that MIT or GPL licenses are a good idea I point out projects like this.
Only humans should have freedom zero. Corporations and robots must pay.