[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Upgrading packages with substitutes only (bug #26608)
|
From: |
Leo Famulari |
|
Subject: |
Re: Upgrading packages with substitutes only (bug #26608) |
|
Date: |
Sun, 18 Jun 2017 12:11:03 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Sun, Jun 18, 2017 at 11:38:45AM +0200, Ricardo Wurmus wrote:
>
> Ludovic Courtès <address@hidden> writes:
>
> > BTW, should --only-substitutes filter out packages without a substitute,
> > or should it simply stop and report the list of missing substitutes
> > (after which the user could use --do-not-upgrade)?
I like making it return a list on stdout so it can be composed as
suggested.
> In my opinion “--only-substitutes” should stop and report a list.
> If it continued without complaining there could be problems:
>
> * partial upgrades could leave the profile in an unusable state
>
> * an attacker could use this to trick a user into thinking that they
> have all available updates
>
> On the other hand, it would make “--only-substitutes” less usable,
> because to actually perform work one would have to deal with the failure
> case.
>
> I suppose it could download the substitutes but not build a new profile
> and report an error at that point.
Perhaps there could be an additional flag --partial-upgrade to make it
build a new profile.
I understand why people want --only-substitutes but I'm a bit wary of it
for the reasons you gave, and I think we should solve their complaint by
improving our build infrastructure.
signature.asc
Description: PGP signature