Hi Lexi, > as an aside, i am confused about the number of people who seem to run > "pkg delete -af" as a matter of course. where did you learn to do this? > is there some FreeBSD YouTuber telling people to do this?
These options' behavior must have existed from pkg's start (didn't check precisely). I'm one of those who rarely read the Handbook or go to the FreeBSD Forums, and certainly don't follow random YouTubers. I started using '-a' regularly as I tend to rebuild all packages in one go, and very rarely do incremental builds. In the past, there have been recurring update problems, because ports are split, moved, etc., because (before poudriere) ports would silently pick dependencies from installed software at build, and sometimes because of bugs in pkg itself. Rebuilding all packages, deleting the old ones and installing the new spares you from having to deal with any such fallout or with precise 'pkg' stances and their ordering as UPDATING sometimes provides (but not always). When you do this process, you quickly learn to add '-f' to '-a' to get rid of the existing 'pkg' package before bootstrapping a new one. And especially since poudriere made its way, easing and speeding building packages a lot, I wouldn't be surprised if lots of people do exactly the same and routinely use 'pkg delete -af'. > i do not know what else you expected here. if you remove the base system, > then the system can no longer boot, because you removed it. the solution > is to not do that. In practice, the changed scope of '-a', which with pkgbase includes base packages, is a big deal as inevitably some people will shoot themselves in the foot *by surprise* (you could argue that there can be no surprises with '-f', but using it was "safe" before). It's not that it doesn't make sense in terms of behavior, but it is especially unfriendly. In case of false manipulation, we are talking about *destroying* a whole system, not just an obscure bug in a niche case. I have a hard time considering it as something else than an important POLA violation. Not sure what the best way forward is, but this "problem" has to be acknowledged and handled. > freebsd-update will be fully supported in 15.x and is planned to be > removed for 16.0. in 15.0, pkgbase is shipped as a "tech preview" > feature. Doing so at least prolongs the period where 'pkg delete -a' keeps its current behavior, which is good. Having 'pkg delete -a' work differently on the same version (15.0) depending on whether using pkgbase or not makes me uneasy from an administrator's point of view, but that could be understandable and perhaps acceptable if accompanied by copious warnings and public communication. For now, I still tend to think that we should be able to somehow keep a distinction between base and ports for 'pkg delete -a'. I didn't follow closely but IIRC you were considering solving that by tagging (some) base packages as vital, which may or may not be enough (argument against: Once you've removed some base packages by accident, but can still execute some basic commands thanks to those flagged vital, your system is not dead but you'd better have a set of base packages available to re-install; if you used poudriere just to rebuild ports, you don't necessarily have them handy; flagging all base packages as vital does not seem to make much sense, and anyway leads us back to square one). Here are some rough ideas, hoping they could help. Sorry if they have been considered already. Perhaps have some per-repo (or per-set if that makes sense?) flag indicating that 'pkg delete -a' should not operate on installed ports coming from these? And have a new 'pkg delete -A' whose scope really is all packages, regardless of the flags? Another cause of the current situation is that '-f' is overloaded, serving both to ignore dependencies and to allow to remove 'pkg' when used with '-a'. Changing, e.g., '-f' to only have the first effect would be a much smaller POLA violation: 'pkg delete -af' would stop removing 'pkg', so people would learn to use another stance to do so (we would have to provide one if none other exists, as I think it's the case) and hopefully forget about using '-f' with '-a'. These could be combined, and most probably there are other possibilities. Thanks and regards. PS: Could you please consider removing or fixing the "Mail-Followup-To:" headers from your mails to mailing lists? Not only they remove your address from the default list of recipients when replying to all (which you probably intended?), but they also add the address of the author of the mail you replied to in "To:", which is in general wrong and annoying. -- Olivier Certner
signature.asc
Description: This is a digitally signed message part.
