On 07/01/2016 09:42 AM, Duncan wrote:
> Zac Medico posted on Fri, 01 Jul 2016 08:35:26 -0700 as excerpted:
> 
>>> But if you genuinely think this is a good idea, and someone else on the
>>> team does too, I won't oppose it. We should make sure that we strongly
>>> discourage its usage for regular users. Perhaps your suggested manpage
>>> addition already does -- I don't know.
>>
>> Yeah, I think the warning message that I've put in the man patch is
>> pretty good:
>>
>>> This option is intended to be used only with great caution,
>>> since it is possible for it to make nonsensical configuration changes
>>> which may lead to system breakage. Therefore, it is advisable to use
>>> ---ask together with this option.
> 
> Perhaps rename the option so it makes perfectly clear the possible 
> consequences?  Something like --autounmask-breakme, or --auto-breakme ?

My experience with my wrapper script that gives similar behavior is that
it practically always "just works". It's fabulous for continuous
integration (aka tinderbox) settings. However, as with self-driving
cars, it deserves caution.

> Or alternatively, if there are other arguably dangerous options now or 
> possible in the future, put them all under another option, --breakme, 
> such that if that option isn't there, the otherwise dangerous options 
> only print a warning and die.
> 
> Then people can read the manpage if they really want to know what it 
> does, but people who haven't, aren't as likely to blunder into it due to 
> the stereotypical "rm -rf .*" type advice.

It's simply not as risky as you're making it out to be. If it's a
production system, use --ask. Honestly, people who can't be exposed to
options like this should not have root access.
-- 
Thanks,
Zac

Reply via email to