We currently have the following configuration in the sudoers file:
env_keep += "HOME TMUX STY"
HOME was originally added in 2014 with the message:
sudo >= 1.7.4p4-2 is resetting $HOME and $MAIL to the target user when sudoing. Undo this for $HOME by adding it to env_keep as we're too used to it.
However, I have heard anecdotal accounts of this causing issues, so we should investigate whether it is required and, if it is, whether we can confine it to only the commands/users that require it.
TMUX and STY were added recently*. The initial reason to add these was to work around an issue in the wmflib.interactive.ensure_shell_is_durable() method, which has since been fixed (release pending). However, it was thought these variables could still be generally useful to pass through. A quick search didn't turn up any issues, and this doesn't appear to create any additional security exposure; we should still investigate whether this is actually needed and perhaps also confine it to the commands that actually need them.
*https://gerrit.wikimedia.org/r/c/operations/puppet/+/666899/ is the original patch set adding TMUX/STY, with more justification.
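As an added example (this is not from the ticket, the puppet repo or wmflib), the snippet below writes a sudoers drop-in that replaces the global `Defaults env_keep += "HOME TMUX STY"` with the confined forms sudoers already supports: `Defaults:User_List` scopes a setting to users/groups and `Defaults!Cmnd_List` scopes it to commands. The group `%ops`, the command path `/usr/local/bin/cookbook` and the drop-in location are placeholders assumed for illustration; substitute whatever the investigation shows actually needs each variable. It goes slightly beyond the ticket by covering both the per-user and the per-command scoping in one fragment.

```shell
#!/bin/sh
# Added example: confine env_keep to the users/commands that need it instead of
# keeping HOME/TMUX/STY for every sudo invocation.  Hypothetical values:
KEEP_HOME_USERS="%ops"                 # group assumed to rely on $HOME surviving sudo
TMUX_CMD="/usr/local/bin/cookbook"     # command assumed to need TMUX/STY

# Write the confined fragment to the given path (e.g. a file under /etc/sudoers.d/).
write_envkeep_fragment() {
  out="$1"
  cat > "$out" <<EOF
# Global form from the ticket: every sudo invocation keeps these variables.
# Defaults env_keep += "HOME TMUX STY"

# Confined form: HOME only for $KEEP_HOME_USERS, TMUX/STY only for $TMUX_CMD.
Defaults:$KEEP_HOME_USERS env_keep += "HOME"
Defaults!$TMUX_CMD env_keep += "TMUX STY"
EOF
}

# Print "<scope> <vars>" for each active (uncommented) env_keep line in a fragment,
# so the scope of every kept variable can be reviewed at a glance.
# Scope is ":user" / "!command" / "@host" / ">runas", or "(global)" for bare Defaults.
list_env_keep() {
  grep -v '^#' "$1" | awk '/env_keep/ {
    scope = $1
    sub(/^Defaults/, "", scope)
    if (scope == "") scope = "(global)"
    match($0, /"[^"]*"/)
    print scope, substr($0, RSTART + 1, RLENGTH - 2)
  }'
}

# Syntax-check a fragment without installing it; skipped when visudo is absent.
check_fragment() {
  if command -v visudo >/dev/null 2>&1; then
    visudo -c -f "$1"
  else
    echo "visudo not available; syntax of $1 not checked" >&2
  fi
}

# Show which Defaults (including env_keep) sudo will apply for a user; needs
# privileges to query other users, so it is for use on the host, not in tests.
show_effective_defaults() {
  sudo -l -U "$1" | grep -i env_keep
}

# Usage:
#   write_envkeep_fragment /tmp/envkeep && check_fragment /tmp/envkeep
#   list_env_keep /tmp/envkeep
#   then install it as root with mode 0440 into /etc/sudoers.d/ and verify with
#   show_effective_defaults <user>
```

A practical check once the fragment is installed: run `env | grep -E '^(HOME|TMUX|STY)='` through sudo both as a member of the scoped group and as someone outside it, and through the scoped command versus an arbitrary one, to confirm the variables survive only where intended.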