Thoughts on making Guix even better

From: Raghav Gururajan
Subject: Thoughts on making Guix even better
Date: Sun, 23 Feb 2020 02:49:12 +0000

Hello Guix!

I have been thinking about this for a long time and would like to share it now.

The transactional upgrades and roll-backs are available to both Guix Package 
and Guix System. But I see an important difference which might be crucial to 
Guix's development and use.


The guix package transactions are MODULAR. That is, you can upgrade packages 
selectively. For example, you can upgrade all packages except one/few (or) only 
upgrade one/few.


The guix system transactions are NON-MODULAR. That is, you cannot selectively 
reconfigure certain parts of the system. For example, you either reconfigure 
the system as a whole (or) you do not reconfigure the system at all.


Let's assume we have 5 packages in a profile. Packages 1, 3 and 5 have 
non-critical updates. Package 4 has a non-critical update but it breaks. 
Package 2 has a critical update (CVE). We can either upgrade all packages 
except package 4 (or) we can upgrade only package 2.

Let's assume we have 5 services/packages in the system. Packages/Services 1, 3 
and 5 have non-critical updates. Package/Service 4 has a non-critical update 
but it breaks. Package/Service 2 has a critical update (CVE). Now, when we 
reconfigure the system, all packages/services will upgrade, and 
package/service 4 will break the system. We can of course do '--roll-back' and 
take the system to the previous working state. But that will leave the system 
with a critical vulnerability. Therefore, we cannot reconfigure 
package/service 2 or any other parts of the system, until package/service 4 is 
fixed. This window/gap puts Guix System at great risk and instability.


We can brain-storm and implement a way to make guix system transactions 
modular. Any ideas?

Thank you!

Raghav "RG" Gururajan.
