Ricardo Wurmus <rek...@elephly.net> skribis: > Ludovic Courtès <l...@gnu.org> writes: > >> BTW, should --only-substitutes filter out packages without a substitute, >> or should it simply stop and report the list of missing substitutes >> (after which the user could use --do-not-upgrade)? > > In my opinion “--only-substitutes” should stop and report a list. > If it continued without complaining there could be problems: > > * partial upgrades could leave the profile in an unusable state > > * an attacker could use this to trick a user into thinking that they > have all available updates
Agreed. > On the other hand, it would make “--only-substitutes” less usable, > because to actually perform work one would have to deal with the failure > case. IMO that’s OK. “--only-substitutes” would typically be for interactive use, when you’re in a hurry and you Understand The Risks (click on the checkbox ;-)). For unattended upgrades, I think one would want to upgrade no matter what (assuming of course the build farm is not completely broken, meaning that most substitutes are available.) WDYT? In the future I was also thinking that the build farm could tag Git commits that it has fully built, and thus ‘guix pull’ could be told to pull to the latest fully-built commit. Ludo’.
