Comment 6 for bug 1528627

Galen Charlton (gmc) wrote:

I personally wouldn't be at all comfortable having that proof of concept be recommended for production use; at the very least, the password should be hashed so that an inadvertent committing of opensrf.xml to the wrong local repository doesn't expose the keys to the kingdom. Of course, we already have all of the code needed to implement bcrypt hashing.

Looking at it more broadly, some desiderata for a sudo mechanism I see include:

* as Chris already mentioned, explicit auditing and logging of when it gets used
* adding a user permission specifying whether a user can sudo; that would allow better control than a global master password would
* some mechanism to control which users a sudoer can "become"; you might want a trusted local admin to be able to act as other users in the same system, but not globally.
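The following sketch is an added example, not code from this bug thread or from Evergreen/OpenSRF, showing how the points above fit together: the shared secret lives in the config file only as a salted hash, a per-user permission gates who may sudo at all, a scope check limits which users a sudoer may become, and every attempt (allowed or denied) produces an audit record that never contains the secret. The policy table, org-unit names, user names and the `SUDO` permission are constructed placeholders, not Evergreen's real permission model. PBKDF2-HMAC-SHA256 from the Python standard library stands in for the bcrypt hashing the comment mentions, so the example runs without third-party packages; the storage rule it demonstrates is the same.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample policy (hypothetical names, not Evergreen's real permissions):
# who holds the "SUDO" permission and which org units' users they may become.
SUDO_POLICY = {
    "admin_a": {"can_sudo": True, "scope_org_units": {"BR1", "BR2"}},
    "staff_b": {"can_sudo": False, "scope_org_units": set()},
}
# Constructed sample: home org unit of each user who could be a sudo target.
USER_HOME_OU = {"patron_x": "BR1", "patron_y": "BR9"}

ITERATIONS = 600_000  # PBKDF2 work factor; raise over time like a bcrypt cost


def hash_secret(secret, salt=None):
    """Return the string to store in the config file instead of the plaintext.

    Format: pbkdf2_sha256$<iterations>$<salt b64>$<derived key b64>.
    A fresh random salt is drawn unless one is supplied (tests pass a fixed one).
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_secret(secret, stored):
    """Constant-time check of a presented secret against the stored hash string.

    Malformed stored values fail closed rather than raising.
    """
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def sudo_check(actor, target, secret, stored_hash, audit_log, now=None):
    """Decide whether `actor` may become `target`; always append one audit record.

    Returns (allowed, reason). The record holds who, whom, when and the outcome,
    and deliberately never includes the presented secret.
    """
    policy = SUDO_POLICY.get(actor, {"can_sudo": False, "scope_org_units": set()})
    target_ou = USER_HOME_OU.get(target)

    if not policy["can_sudo"]:
        reason = "no_sudo_permission"          # per-user permission, not a global switch
    elif target_ou is None:
        reason = "unknown_target"
    elif target_ou not in policy["scope_org_units"]:
        reason = "target_out_of_scope"         # trusted locally, not globally
    elif not verify_secret(secret, stored_hash):
        reason = "bad_secret"
    else:
        reason = "ok"

    audit_log.append({
        "ts": (now or datetime.now(timezone.utc)).isoformat(),
        "event": "sudo_attempt",
        "actor": actor,
        "target": target,
        "target_org_unit": target_ou,
        "allowed": reason == "ok",
        "reason": reason,
    })
    return reason == "ok", reason


if __name__ == "__main__":
    # Constructed run: hash once at setup time, then evaluate a few attempts.
    stored = hash_secret("correct horse battery staple")
    log = []
    for actor, target, secret in [
        ("admin_a", "patron_x", "correct horse battery staple"),
        ("admin_a", "patron_y", "correct horse battery staple"),
        ("staff_b", "patron_x", "correct horse battery staple"),
        ("admin_a", "patron_x", "wrong"),
    ]:
        print(actor, "->", target, sudo_check(actor, target, secret, stored, log))
    for record in log:
        print(record)
```

The order of checks is deliberate: permission and scope are evaluated before the secret, so a user who should not be able to sudo at all is denied without doing the expensive hash comparison, and the audit record explains which rule denied the attempt.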