One option smart needs to conquer the world

[Tim Fenn]

On Wed, Feb 22, 2006 at 11:58:59PM +0100, Pascal Bleser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Gustavo Niemeyer wrote:
> >> Alternative Policies for 'smart upgrade' would probably be a good
> >> thing. For instance, I would really like a policy similar to 'apt
> >> upgrade' that does not Remove packages. (apt dist-upgrade is used for
> >> an upgrade that can install and remove packages)
> >>
> >> If there was an option that would prevent downgrading, then the
> >> packager of smart for fedora could choose to enable it by default, if
> >> they are so concerned. But users could choose what they want.
> 
> Keep in mind that there is always a good reason for removing or
> downgrading packages, it doesn't happen just for fun (unless there
> would be a bug in smart's upgrade logic, which I doubt at this
> point).
> 
> The user is saying: I want to upgrade this and that.  Well, smart
> tries hard to do exactly that, even if it includes downgrading or
> removing other packages.
> 
> That sounds like exactly the correct behaviour.
> 

I believe this as well, but it poses a major reason why distros like
Fedora haven't adopted smart as a mainline tool (I tried to argue with
the fedora crowd in favor of smart, but failed miserably and got
burned):

https://www.redhat.com/archives/fedora-devel-list/2005-November/msg01197.html

The problem is that downgrading something to solve a dependency could
be bad from a security standpoint (among other minor issues), and
hence why some distros shy away from smart.

I honestly don't know of a good solution - which should the sysadmin
prefer: security or zero dependency problems?  I'd vote for the
former, but I certainly sympathize with the latter.  Is there any
middle ground short of adding the option in smart?

Regards,
-Tim Fenn