Last modified: 2013-01-24 23:08:18 UTC
Using ALL for users, rather than the project group is insecure. If passwordless sudo was allowed, then all users on the system, including service accounts would be allowed to run sudo commands.
Fixed for new policies by https://gerrit.wikimedia.org/r/#/c/45481/ Fixed for old policies by hand.