Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Scott Kitterman]

Thanks.

Another scenario to consider is a user that doesn't know any better enables a 
poorly maintained third party repository that contains conflicting packages 
that cause large numbers of removals.

This can happen post-release and is a scenario the user base you're targeting 
is particularly vulnerable to.

Scott K

On September 25, 2016 2:28:37 PM EDT, Matthias Klumpp  
wrote:
>Discover is for end-users with no technical knowledge. Showing extra
>dialog boxes with crazy text won't help and just be visual clitter,
>since people will press "Yes" anyway. Also, Discover isn't really to
>blame for the underlying problem, which is a busted archive, something
>that never happens in any stable distribution.
>However, it would be nice if Discover handled this situation better on
>unstable development versions of a distro.
>
>I see the following possible solutions:
>
>1) Have Discover detect an unstable distribution, and if it finds one,
>show an extra confirmation box if changes that cause the removal of a
>package are detected.
>
>2) Just display removals as seperate items in the updates list
>unconditionally - people on unstable distros would just need to read
>the information then.
>
>3) Show a "This update is potentially disruptive if you are using an
>unstable distribution" or any other meaningful message when big
>changes are detected (e.g. > 10 packages being removed)
>
>Since even on stable distros sometimes transitions happen and stuff
>gets removed, adding an unconditional dialog seems like a bad idea,
>simply because it's meaningless for average users.
>
>I'll talk to the usability people about the different options, and
>hopefully we can land one of them before Plasma 5.8 is released.
>
>Cheers,
>Matthias

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Matthias Klumpp]

Discover is for end-users with no technical knowledge. Showing extra
dialog boxes with crazy text won't help and just be visual clitter,
since people will press "Yes" anyway. Also, Discover isn't really to
blame for the underlying problem, which is a busted archive, something
that never happens in any stable distribution.
However, it would be nice if Discover handled this situation better on
unstable development versions of a distro.

I see the following possible solutions:

1) Have Discover detect an unstable distribution, and if it finds one,
show an extra confirmation box if changes that cause the removal of a
package are detected.

2) Just display removals as seperate items in the updates list
unconditionally - people on unstable distros would just need to read
the information then.

3) Show a "This update is potentially disruptive if you are using an
unstable distribution" or any other meaningful message when big
changes are detected (e.g. > 10 packages being removed)

Since even on stable distros sometimes transitions happen and stuff
gets removed, adding an unconditional dialog seems like a bad idea,
simply because it's meaningless for average users.

I'll talk to the usability people about the different options, and
hopefully we can land one of them before Plasma 5.8 is released.

Cheers,
Matthias

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Scott Kitterman]

On September 24, 2016 3:02:28 PM EDT, Diederik de Haas  
wrote:
>Control: reopen -1
>
>On Sat, 24 Sep 2016 15:52:33 +0100 Chris Lamb  wrote:
>> > [plasma-discover] plasma-discover uninstalls packages during
>upgrades
>> > without asking for confirmation> 
>> This is due to the ongoing Perl migration. There was a mail sent to
>> debian-devel-announce but I believe it was unfortunately blocked.
>> 
>> I'm closing your bug as this is not an issue that can be resolved by
>> plasma-discover, alas. :(
>
>From my #debian-qt-kde logs:
>[27.08 01:43]  plasma-discover is a giant piece of junk and
>imo 
>should be removed from every meta package
>[27.08 01:43]   /rant
>[27.08 01:45]  for a change I used it's function and did
>happily 
>uninstall plasma-desktop, plasma-workspace, sddm and a number of other 
>essential programs
>[27.08 01:45]  without any warning that is. Trying to fix it
>with 
>aptitude seems to be a no go as it's not able to resolve conflicts
>[27.08 01:45]  I have _never_ seen/happen that before
>
>So this happened on 24th of August and then the perl migration wasn't 
>happening, thus reopening the bug.

In any case, the message about the Perl migration said not to file bugs about 
package uninstallability.  That's not what this bug is about.

This bug is about lack of user visibility when discover removes packages and 
the consequent risk of inappropriate removals causing system problems.

I do agree that as long as this is the case it's questionable is it's suitable 
for the default KDE install.  I'm not completely convinced it's suitable to be 
in the archive at all.

Scott K

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Diederik de Haas]

Control: found -1 5.7.3-1

On zaterdag 24 september 2016 21:02:28 CEST Diederik de Haas wrote:
> So this happened on 24th of August and then the perl migration wasn't 
> happening, thus reopening the bug.

As 5.7.4-1 was uploaded on 26th of August, my version was thus 5.7.3-1, 
marking this bug as such.

> I'll spare you my real opinion.

That didn't last long :-P

signature.asc
Description: This is a digitally signed message part.

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Diederik de Haas]

Control: reopen -1

On Sat, 24 Sep 2016 15:52:33 +0100 Chris Lamb  wrote:
> > [plasma-discover] plasma-discover uninstalls packages during upgrades
> > without asking for confirmation> 
> This is due to the ongoing Perl migration. There was a mail sent to
> debian-devel-announce but I believe it was unfortunately blocked.
> 
> I'm closing your bug as this is not an issue that can be resolved by
> plasma-discover, alas. :(

From my #debian-qt-kde logs:
[27.08 01:43]  plasma-discover is a giant piece of junk and imo 
should be removed from every meta package
[27.08 01:43]   /rant
[27.08 01:45]  for a change I used it's function and did happily 
uninstall plasma-desktop, plasma-workspace, sddm and a number of other 
essential programs
[27.08 01:45]  without any warning that is. Trying to fix it with 
aptitude seems to be a no go as it's not able to resolve conflicts
[27.08 01:45]  I have _never_ seen/happen that before

So this happened on 24th of August and then the perl migration wasn't 
happening, thus reopening the bug.

signature.asc
Description: This is a digitally signed message part.

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Diederik de Haas]

On zaterdag 24 september 2016 20:02:42 CEST JanKusanagi wrote:
> The thing is, a user upgrading with this program, might end up
> destroying their system. I'd consider this 'grave'.

Not just 'might', the one time I tried/used it, it removed plasma-desktop, 
sddm and a couple of more essential KDE packages, including their 
dependencies.
Apparently I only complained about it in #debian-qt-kde but didn't report it.

> From what I see, the real problem here is that plasma-discover's
> "upgrade" functionality is acting like a "aptitude full-upgrade",
> removing whatever's necessary, possible removing half your system,
> instead of acting like a "aptitude safe-upgrade", which would hold the
> problematic packages, and not remove anything.

This is exactly what seems to be happening and I consider this to be plain 
wrong. I'm actively trying to dissuade people from using full-upgrade (even) 
from the command-line, where you indeed at least have to give confirmation 
before removing your whole system.

On Sat, 24 Sep 2016 13:50:18 -0400 Scott Kitterman wrote:
> Developers are users too.  If your position is that Discover isn't suitable
> for use in testing/unstable then what that means is Discover gets released
> untested.  That's not a recipe for success.

My solution to the above problem was to make sure (apt-pinning) that plasma-
discover would NEVER be installed on any of my systems, ever.
It was available on my (new) laptop because I did a fresh install of KDE. As a 
lot of testing/unstable users have their system for quite a while, they likely 
don't even have plasma-discover installed.
Thus I consider the above statement from Scott a massive understatement (and 
it may even be meant that way).

> Discover is meant for users who have no idea what a "package" is, so
> prompting them with questions they don't understand will highly likely
> not happen

Maybe clicking the upgrade button is too confusing too, you may want to remove 
that.
And that's the most positive thing I can say about plasma-discover; I'll spare 
you my real opinion.


signature.asc
Description: This is a digitally signed message part.

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[JanKusanagi]

>From what I see, the real problem here is that plasma-discover's
"upgrade" functionality is acting like a "aptitude full-upgrade",
removing whatever's necessary, possible removing half your system,
instead of acting like a "aptitude safe-upgrade", which would hold the
problematic packages, and not remove anything.

Obviously, the second way would be much safer, and it would still result
in a proper upgrade on Debian Stable, or in the other suites as long as
there are no big migrations happening.


The thing is, a user upgrading with this program, might end up
destroying their system. I'd consider this 'grave'.

Also, the OP for this bug is not the first one to have this same
catastrophe happening. I remember someone on #debian-kde or
#debian-qt-kde with this same problem, and rightfully, hating
plasma-discover's guts.


Cheers!

-- 
Development blog: https://jancoding.wordpress.com

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Scott Kitterman]

On September 24, 2016 1:00:21 PM EDT, Matthias Klumpp  
wrote:
>2016-09-24 18:36 GMT+02:00 Ximo Baldó :
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> No. Precisely, the bug I'm reporting is that  the package manager,
>plasma-discover, does not warn user about his intention to do that
>removing operation. So,  the user never has notice about these changes
>and as far I know this situation can be considered as grave bug as it
>can lead to an unusable system.
>
>Discover is meant for users who have no idea what a "package" is, so
>prompting them with questions they don't understand will highly likely
>not happen (they would just klick "yes" anyway). I wonder though if we
>could add some safeguard, like "ask for re-confirmation if more than
>50 packages are going to be removed".
>In any case, this is not a grave bug since it only ever happens on
>development suites, which no end-user sees. It's normal/important at
>max.

Developers are users too.  If your position is that Discover isn't suitable for 
use in testing/unstable then what that means is Discover gets released 
untested.  That's not a recipe for success.

If it breaks a system without warning, that's a grave bug.  Nothing about bug 
severities says that they only apply to stable.

What I think you want is for developers and advanced users to use Discover, at 
least occasionally, during development so we know it's well integrated with 
Debian prior to release.  That's not going to happen if it silently breaks 
systems.

Scott K

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Matthias Klumpp]

2016-09-24 18:36 GMT+02:00 Ximo Baldó :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> No. Precisely, the bug I'm reporting is that  the package manager, 
> plasma-discover, does not warn user about his intention to do that removing 
> operation. So,  the user never has notice about these changes and as far I 
> know this situation can be considered as grave bug as it can lead to an 
> unusable system.

Discover is meant for users who have no idea what a "package" is, so
prompting them with questions they don't understand will highly likely
not happen (they would just klick "yes" anyway). I wonder though if we
could add some safeguard, like "ask for re-confirmation if more than
50 packages are going to be removed".
In any case, this is not a grave bug since it only ever happens on
development suites, which no end-user sees. It's normal/important at
max.

I'll ping the Discover upstream and maybe designers to see if
something can be done here.

Cheers,
Matthias

-- 
Debian Developer | Freedesktop-Developer
I welcome VSRE emails. See http://vsre.info/

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Ximo Baldó]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

No. Precisely, the bug I'm reporting is that  the package manager, 
plasma-discover, does not warn user about his intention to do that removing 
operation. So,  the user never has notice about these changes and as far I know 
this situation can be considered as grave bug as it can lead to an unusable 
system.

On 24 de setembre de 2016 18:22:16 CEST, Chris Lamb  wrote:
>Ximo Baldó i Soriano wrote:
>
>> So... The ongoing Perl migration causes plasma-discover (or its
>backend) to
>> bypass user's decision to deinstall 347 packages from his system?
>
>There is no bypassing -- your package manager would have declared its
>intention to remove all those packages.
>
>
>Regards,
>
>--
>  ,''`.
> : :'  : Chris Lamb
> `. `'`  la...@debian.org / chris-lamb.co.uk
>   `-

- --
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-BEGIN PGP SIGNATURE-

iHQEAREKADQtHFhpbW8gQmFsZMOzIGkgU29yaWFubyA8ZXNwaW5kYXJnYUBnbWFp
bC5jb20+BQJX5quaAAoJEPLA9MdIi+gmFw0AoKDbA2+UIOSpIFEVbKlpl7xExwIU
AJ0QscmFLR8Bp/p8/uhyRkc2SKOrNA==
=xm9L
-END PGP SIGNATURE-

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Chris Lamb]

Ximo Baldó i Soriano wrote:

> So... The ongoing Perl migration causes plasma-discover (or its backend) to 
> bypass user's decision to deinstall 347 packages from his system?

There is no bypassing -- your package manager would have declared its
intention to remove all those packages.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Ximo Baldó i Soriano]

El dissabte, 24 de setembre de 2016, a les 15:52:33 CEST, Chris Lamb va 
escriure:
> Hi,
> 
> > [plasma-discover] plasma-discover uninstalls packages during upgrades
> > without asking for confirmation
> This is due to the ongoing Perl migration. There was a mail sent to
> debian-devel-announce but I believe it was unfortunately blocked.
> 
> I'm closing your bug as this is not an issue that can be resolved by
> plasma-discover, alas. :(
> 
> 
> Regards,

So... The ongoing Perl migration causes plasma-discover (or its backend) to 
bypass user's decision to deinstall 347 packages from his system? I Don't 
think so. If I run apt full-upgrade or aptitude full-upgrade (safe-upgrade 
makes upgrade packages blocked until it can be upgraded safely, as we know), 
both of them warn me about operations needed to do that full-upgrade, and, as 
it should be, ask me if I'm agree to do that or not.
I think is a bug (or maybe a wrong default configuration) and not a 
consecuence of Perl (or some other) migration and, because of this, the bug 
should not be closed.
Feel free to correct me if I'm wrong.

signature.asc
Description: This is a digitally signed message part.

Bug#838734: [plasma-discover] plasma-discover uninstalls packages during upgrades without asking for confirmation

[Ximo Baldó i Soriano]

Package: plasma-discover
Version: 5.7.4-1
Severity: grave

--- Please enter the report below this line. ---

On my system running debian sid was, since last upgrade, 4 packages related to 
perl blocked due to dependencies. Tonight, just did an upgrade from plasma-
discover and the result was a large number (about 340) of packages been 
deinstalled without any kind of warning or ask for confirmation, including 
packages needed for graphical environment like all xorg related packages.

--- System information. ---
Architecture: amd64
Kernel:   Linux 4.7.0-1-amd64

Debian Release: stretch/sid
  900 unstableftp.debian.org 
  800 experimentalftp.debian.org 
  500 unstable-debug  deb.debian.org 
  500 stable  people.debian.org 

--- Package information. ---
Depends  (Version) | Installed
==-+-

appstream (>= 0.8) | 0.10.1-1
packagekit(>= 1.0) | 1.1.4-1
plasma-discover-common (= 5.7.4-1) | 5.7.4-1
libappstreamqt1| 0.10.1-1
libc6(>= 2.14) | 
libkf5archive5 (>= 4.96.0) | 
libkf5attica5  (>= 5.23.0) | 
libkf5configcore5  (>= 4.98.0) | 
libkf5configgui5   (>= 4.97.0) | 
libkf5configwidgets5   (>= 4.96.0) | 
libkf5coreaddons5 (>= 4.100.0) | 
libkf5crash5   (>= 5.15.0) | 
libkf5dbusaddons5  (>= 4.99.0) | 
libkf5declarative5 (>= 4.96.0) | 
libkf5i18n5(>= 4.97.0) | 
libkf5kiocore5 (>= 4.96.0) | 
libkf5kiowidgets5  (>= 4.96.0) | 
libkf5newstuff5(>= 5.23.0) | 
libkf5notifications5   (>= 5.3.0+git20141030.0311) | 
libkf5service-bin  | 
libkf5service5 (>= 4.96.0) | 
libkf5widgetsaddons5   (>= 4.96.0) | 
libkf5xmlgui5  (>= 4.96.0) | 
libpackagekitqt5-0 | 
libqt5core5a   (>= 5.6.0~beta) | 
libqt5dbus5(>= 5.4.0~) | 
libqt5gui5 (>= 5.6.0~beta) | 
libqt5qml5  (>= 5.1.0) | 
libqt5quick5(>= 5.0.2) | 
libqt5widgets5 (>= 5.4.0~) | 
libqt5xml5 (>= 5.4.0~) | 
libstdc++6(>= 4.5) | 


Recommends   (Version) | Installed
==-+-===
software-properties-kde| 0.96.20.2-1


Package's Suggests field is empty.





signature.asc
Description: This is a digitally signed message part.