On 07/01/2016 09:42 AM, Duncan wrote: > Zac Medico posted on Fri, 01 Jul 2016 08:35:26 -0700 as excerpted: > >>> But if you genuinely think this is a good idea, and someone else on the >>> team does too, I won't oppose it. We should make sure that we strongly >>> discourage its usage for regular users. Perhaps your suggested manpage >>> addition already does -- I don't know. >> >> Yeah, I think the warning message that I've put in the man patch is >> pretty good: >> >>> This option is intended to be used only with great caution, >>> since it is possible for it to make nonsensical configuration changes >>> which may lead to system breakage. Therefore, it is advisable to use >>> ---ask together with this option. > > Perhaps rename the option so it makes perfectly clear the possible > consequences? Something like --autounmask-breakme, or --auto-breakme ?
My experience with my wrapper script that gives similar behavior is that it practically always "just works". It's fabulous for continuous integration (aka tinderbox) settings. However, as with self-driving cars, it deserves caution. > Or alternatively, if there are other arguably dangerous options now or > possible in the future, put them all under another option, --breakme, > such that if that option isn't there, the otherwise dangerous options > only print a warning and die. > > Then people can read the manpage if they really want to know what it > does, but people who haven't, aren't as likely to blunder into it due to > the stereotypical "rm -rf .*" type advice. It's simply not as risky as you're making it out to be. If it's a production system, use --ask. Honestly, people who can't be exposed to options like this should not have root access. -- Thanks, Zac