New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/27037#issuecomment-742144468

Comment:
> I understand your concern, there are two sides to this. Most distro
users understand regex, at least from grep/sed/rewriterule, (something
even in powershell) but few understand sudoers EBNF rules. Yes, it is
new, but the long term goal provides a good way to reliably delegate
access.

Yes, there's something to be said for providing simpler security tools that can greatly increase the general security, due to being simpler to deploy. At the same time, we still have to minimally ensure that these tools don't introduce new holes.

Since you're introducing a new tool into the field, the burden of proof for that is mostly on you. If I don't merge this new package, not much changes, and people who really want it can install it from elsewhere. If we do merge this package and someone finds an exploit or issue with it, then we (Void) share the responsibility for the number of affected people, since including it in our repository counts as vetting it.