GNU bug report logs - #25852
Users not updating their installations of Guix

Previous Next

Full log

Message #47 received at 25852 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Mark H Weaver <mhw <at> netris.org>
Cc: 25852 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#25852: Users not updating their installations of Guix
Date: Tue, 07 Mar 2017 11:35:58 +0100

Mark H Weaver <mhw <at> netris.org> skribis:

> ludo <at> gnu.org (Ludovic Courtès) writes:
>
>> Leo Famulari <leo <at> famulari.name> skribis:
>>
>>> In my opinion, the recent bug #25775 (Can't install packages after guix
>>> pull) [0] exposed a sort of meta-bug: there are a significant number of
>>> users who were still using the guix-daemon from 0.10.0.
>>>
>>> It seems unlikely that they have been updating all of root's
>>> packages except for the guix package. Rather, I bet they never updated
>>> root's packages at all, for ~1 year.
>>>
>>> I think this is a serious documentation bug.
>>
>> I’m not sure documentation would help.
>>
>> Software like Firefox handles that by calling home to know its latest
>> version, but I’m not sure we want to have that happen automatically.
>>
>> Thoughts on how we could address this?
>
> We could simply issue a warning if the version of guix currently in use
> is more than N hours old, on the assumption that after N hours it's
> likely to be stale.  The default value of N might be in the range 48-96
> (2-4 days).  A quick perusal through the recent commit log on our master
> branch indicates that it's quite rare for 4 days to pass without a
> security update.
>
> What do you think?

That sounds like an easy and reasonable approach.

I wonder what would be the best place to emit this warning.  Upon ‘guix
package -i’ maybe?

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.