l...@gnu.org (Ludovic Courtès) writes:

> Leo Famulari <l...@famulari.name> writes:
>
>> In my opinion, the recent bug #25775 (Can't install packages after guix
>> pull) [0] exposed a sort of meta-bug: there are a significant number of
>> users who were still using the guix-daemon from 0.10.0.
>>
>> It seems unlikely that they have been updating all of root's
>> packages except for the guix package. Rather, I bet they never updated
>> root's packages at all, for ~1 year.
>>
>> I think this is a serious documentation bug.
>
> I’m not sure documentation would help.
>
> Software like Firefox handles that by calling home to know its latest
> version, but I’m not sure we want to have that happen automatically.
>
> Thoughts on how we could address this?

We could simply issue a warning if the version of guix currently in use
is more than N hours old, on the assumption that after N hours it's
likely to be stale. The default value of N might be in the range 48-96
(2-4 days). A quick perusal through the recent commit log on our master
branch indicates that it's quite rare for 4 days to pass without a
security update.

What do you think?

Mark