guix-devel

Thoughts on making Guix even better


From: Raghav Gururajan
Subject: Thoughts on making Guix even better
Date: Sun, 23 Feb 2020 02:49:12 +0000

Hello Guix!

I have been thinking about this for a long time and would like to share it now.

The transactional upgrades and roll-backs are available to both Guix Package 
and Guix System. But I see an important difference which might be crucial to 
Guix's development and use.

GUIX PACKAGE:

The guix package transactions are MODULAR. That is, you can upgrade packages 
selectively. For example, you can upgrade all packages except one/few (or) only 
upgrade one/few.

GUIX SYSTEM:

The guix system transactions are NON-MODULAR. That is, you cannot selectively 
reconfigure certain parts of the system. For example, you either reconfigure 
the system as a whole (or) you do not reconfigure the system at all.

IMPLICATIONS:

Let's assume we have 5 packages in a profile. Packages 1, 3 and 5 have 
non-critical updates. Package 4 has a non-critical update but it breaks. 
Package 2 has a critical update (CVE). We can either upgrade all packages 
except package 4 (or) we can upgrade only package 2.

Let's assume we have 5 services/packages in the system. Packages/Services 1, 3 
and 5 have non-critical updates. Package/Service 4 has a non-critical update 
but it breaks. Package/Service 2 has a critical update (CVE). Now, when we 
reconfigure the system, all packages/services will upgrade, and package/service 
4 will break the system. We can of course do '--roll-back' and take the system 
to the previous working state. But that will leave the system with a critical 
vulnerability. Therefore, we cannot reconfigure package/service 2 or any other 
parts of the system until package/service 4 is fixed. This window/gap puts 
Guix System at great risk and instability.

SUGGESTION:

We can brain-storm and implement a way to make guix system transactions 
modular. Any ideas?

Thank you!

Regards,
Raghav "RG" Gururajan.


