The open source community loves its hero narratives. For thirty years, Todd C. Miller has been the singular human holding together sudo, the privilege-escalation tool that ships on virtually every Linux server, Mac, and Unix system on the planet. His personal website, last updated “occasionally” by his own admission, currently displays a quiet plea: “I’m currently in search of a sponsor to fund continued sudo maintenance and development.” This isn’t a side project. It’s a load-bearing wall of internet infrastructure, and it’s showing cracks.

The 30-Year Maintenance Model: A single point of failure
Sudo’s architecture evolved under one pair of hands. Miller took over maintainership in the early 1990s, when the project was a simple setuid wrapper. Today, it supports a plugin architecture, SELinux integration, and policy rules that enterprises bet their compliance on. Research on architectural technical debt is stark: such debt compounds in ways that are “contagious” across a codebase, where design flaws in one module infect neighboring components and increase the cost of change exponentially.
Miller’s approach, necessarily pragmatic for a one-person operation, has created a system where institutional knowledge exists in exactly one human brain. When that brain encounters a complex vulnerability or needs to architect a new feature, there are no fellow maintainers to stress-test the design. The result is what researchers call “architectural debt with interest”: each shortcut taken to ship a release creates cascading complexity that makes the next fix harder.
The numbers tell a sobering story. Software supply chain attacks are projected to cost $60 billion globally by 2025, with the weakest link rarely being application code itself. It’s the inherited component “buried in a dependency graph, a build step no one monitors, or a platform layer maintained by a third party.” Sudo is that platform layer. When Miller’s personal machine room temperature page (yes, he monitors it publicly) becomes more reliable than his funding model, we have a problem.
The “Elite” Stewardship Myth
The open source community romanticizes the lone expert. We call them “Benevolent Dictators For Life” and celebrate their commit streaks. But this model is a high-interest loan against future stability. Miller’s situation mirrors what researchers found in technical debt studies: solo maintainers fall victim to “temporal discounting,” prioritizing immediate survival over long-term architectural health because there’s simply no bandwidth for both.
The Linux kernel project, by contrast, has spent years architecting succession. Their “grey hair problem”, Linus Torvalds’ term for the aging maintainer population, has prompted a distributed leadership model where no single person can become a bottleneck. The kernel’s governance framework acknowledges that “no single individual can replicate Torvalds’ unique combination of technical expertise, institutional knowledge, and community standing.” Sudo has no such framework. When Miller eventually steps back, there is no documented succession plan, no council of maintainers, no corporate governance structure. Just a Git repository and three decades of tribal knowledge.
This fragility extends beyond code. The recent CVE-2026-23958 DataEase admin takeover demonstrates how architectural assumptions in privileged access systems can be weaponized. Sudo’s complexity has grown to the point where its attack surface is a dissertation topic, yet its maintenance model remains stuck in 1993.
Supply Chain Risk Multiplication
Most cloud images, many container base images, and a great many embedded systems inherit sudo. The supply chain risk is multiplicative: one compromised dependency poisons everything downstream. Traditional security tools miss this because they scan for known CVEs, not architectural fragility. They can’t detect when maintainer burnout creates a security decision-making vacuum.
The research on software supply chain attacks shows a 12% increase in exposed secrets and a doubling of attacks year-over-year in 2025. Attackers target “small, inherited components buried in dependency graphs” because they know these are the least monitored. Sudo is the ultimate buried component: so ubiquitous it’s invisible, so critical it’s unthinkable to replace, and so understaffed it’s vulnerable.
The Hidden Architecture of Failure
What makes this truly controversial is that the problem isn’t Miller’s competence; he’s exceptional. The problem is that we’ve built a trillion-dollar infrastructure on a model that conflates individual brilliance with systemic resilience. This is the same fallacy that drives the fragility of community-maintained AI tooling, where impressive individual contributions mask governance gaps.
Researchers studying architectural debt found that “contagious debt” spreads when local optimizations degrade global structure. In sudo’s case, the local optimization is Miller’s heroic maintenance. The global degradation is an entire industry pretending this is sustainable. We’re financing our present stability against a future where one person’s life circumstances could trigger a security crisis.
Toward Actually Resilient Models
The Linux kernel’s succession framework offers clues. They’ve implemented a “multi-layered approach” that distributes authority among subsystem maintainers, recognizing that “finding ‘another Linus’” is impossible. Sudo needs similar architecture: not a replacement for Miller, but a surrounding structure that captures knowledge, funds maintenance, and prevents architectural decisions from being made in isolation.
This requires:
– Cryptographically anchored provenance across code, build systems, and runtime, so changes can be traced when the expert is unavailable
– Real-time component inventories that track not just versions but maintainers’ capacity
– Contextual risk prioritization that weights “maintainer bus factor” alongside CVE scores
– Automated governance that flags when critical projects lack succession plans
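As an added illustration of the second, third and fourth points (example code written for this article, not sudo project code or any vendor’s tool), the script below parses `git shortlog -sn --no-merges` output, computes a bus factor, and uses it to weight CVE scores so that a lower-severity finding in a single-maintainer component can outrank a higher-severity one in a well-staffed project. The shortlog counts, component names, CVSS values and the weighting formula are all constructed for the example; the bus-factor definition used (smallest set of authors holding more than half of all commits) is one common choice, not the only one.

```python
"""Bus-factor-aware risk prioritization (added example, not from the article).

Parses `git shortlog -sn --no-merges` output and computes a bus factor:
the smallest number of authors who together account for more than half
of all commits (one common definition; others exist). The weighting
formula below is an illustrative heuristic, not an industry standard.
"""
from dataclasses import dataclass
import re

# Constructed sample shortlog output for two hypothetical projects.
# Counts are invented for illustration; they are not sudo's real history.
SOLO_PROJECT_SHORTLOG = """\
  4812\tSole Maintainer
    23\tDrive-by Contributor A
     9\tDrive-by Contributor B
"""

TEAM_PROJECT_SHORTLOG = """\
  1300\tMaintainer One
  1150\tMaintainer Two
   980\tMaintainer Three
   640\tMaintainer Four
   120\tOccasional Contributor
"""

# One shortlog line: leading spaces, commit count, a tab, author name.
_LINE = re.compile(r"^\s*(\d+)\t(.+?)\s*$")


def parse_shortlog(text: str) -> list[tuple[str, int]]:
    """Return (author, commit_count) pairs, skipping malformed lines."""
    out = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            out.append((m.group(2), int(m.group(1))))
    return out


def bus_factor(text: str) -> int:
    """Smallest number of top authors whose commits exceed 50% of the total.
    Returns 0 when the shortlog is empty or unparseable."""
    counts = sorted((n for _, n in parse_shortlog(text)), reverse=True)
    total = sum(counts)
    if total == 0:
        return 0
    running = 0
    for i, n in enumerate(counts, start=1):
        running += n
        if running * 2 > total:
            return i
    return len(counts)


@dataclass
class Component:
    name: str
    cvss: float      # highest open CVE score, 0.0 if none is known
    shortlog: str    # raw `git shortlog -sn --no-merges` output


def risk_score(c: Component) -> float:
    """Illustrative heuristic: CVSS scaled by (1 + 1/bus_factor).
    A bus factor of 1 doubles the effective score; a large team adds little.
    An unknown bus factor (0) is treated as the worst case."""
    bf = bus_factor(c.shortlog)
    penalty = 1.0 + (1.0 / bf if bf else 1.0)
    return round(c.cvss * penalty, 2)


def prioritize(components: list[Component]) -> list[tuple[str, int, float]]:
    """Rank components as (name, bus_factor, weighted_risk), highest risk first."""
    ranked = [(c.name, bus_factor(c.shortlog), risk_score(c)) for c in components]
    return sorted(ranked, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    # Hypothetical inventory: the solo-maintained tool has a lower CVSS
    # but ranks first once maintainer capacity is taken into account.
    inventory = [
        Component("solo-privsep-tool", cvss=5.9, shortlog=SOLO_PROJECT_SHORTLOG),
        Component("team-web-framework", cvss=7.5, shortlog=TEAM_PROJECT_SHORTLOG),
    ]
    for name, bf, score in prioritize(inventory):
        print(f"{name:22} bus_factor={bf} weighted_risk={score}")
```

In a real inventory the shortlog text would come from each component’s repository (for example `git shortlog -sn --no-merges --since=2.years`), since lifetime commit counts can hide a maintainer who stopped contributing years ago; the time window is a policy choice the script leaves to the caller.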
The claims of technical breakthroughs versus maintenance realities in AI mirror this problem. We celebrate model efficiency while ignoring the infrastructure debt required to sustain it. The economic sustainability of AI-driven automation depends on the same foundation: stable, funded, resilient core systems.
The Bill Is Coming Due
Sudo’s situation is a canary in the open source coal mine. Miller’s sponsorship plea is polite, but it should be a five-alarm fire for CISOs. When our most critical security tools operate on the digital equivalent of a tip jar, we’re not just risking maintainer burnout; we’re architecting systemic failure.
The research is clear: technical debt accrues interest. Solo maintainer models create “contagious debt” that spreads across dependent systems. Supply chain attacks exploit exactly this fragility. And yet, the industry continues to celebrate the “elite” model of individual heroism while refusing to fund the governance structures that would make it resilient.
The question isn’t whether Miller deserves support; he does. The question is why we’ve built an architecture where one person’s PayPal account is a critical dependency for global infrastructure. Until we answer that, we’re not just maintaining software. We’re maintaining a fantasy.