Comment by firesteelrain

I guess I don’t understand. Take RHEL. The sudo maintainer seeking a new sponsor affects upstream velocity and stewardship, not the deployed trust model of enterprise distributions. RHEL does not “follow HEAD.” It vendors a known-good snapshot and assumes long-term responsibility for it.

Core tools like sudo have survived things like this before