package-upgrade, when invoked interactively, does show the list of upgradeable packages. When combined with a decent minibuffer completion configuration (like Daniel's Vertico), I can cherry-pick or select all. I agree package-update-all has a poor interface and I do not use it. package-upgrade perhaps should also refresh the package list when called interactively and suppress that behavior with a prefix argument.

In the security vein, package-upgrade commands could also show both the current version(s) and the target version(s) which would be convenient and assist people willing to put in the work to actually look at package sources before they upgrade.

On Sat, Jan 11, 2025 at 6:25 AM Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors <bug-gnu-emacs@gnu.org> wrote:
Currently `package-upgrade-all' displays the number of packages to
upgrade. I suggest to instead show a list of the names of the packages
which are about to be upgraded. This way the user has a better chance to
review the packages before they get installed. Of course the user can
have better control by going via the `list-packages' interface. However
I argue that package.el should not offer UIs and confirmations which
omit relevant information in order to improve security.

The current `package-upgrade-all' confirmation is as follows:

(when (and query
           (not (yes-or-no-p
                 (if (length= upgradeable 1)
                     "One package to upgrade.  Do it? "
                   (format "%s packages to upgrade.  Do it?"
                           (length upgradeable))))))
  (user-error "Upgrade aborted"))

I suggest to replace it with this:

(when (and query
           (not (yes-or-no-p
                 (format
                  "Upgrade %s?"
                  (mapconcat #'symbol-name upgradeable ", ")))))
  (user-error "Upgrade aborted"))

If the list gets too long, a popup window could be used. See also the
related bug#74604 regarding diffs on package upgrade.

Daniel