On Tue, Mar 8, 2022, at 1:40 PM, Alexander Sosedkin wrote:
But these are all rather... crude?
Sure there should be better ways,
preferably something explored before.
One general technique I like is the "warn and sleep" approach; example:
https://github.com/coreos/rpm-ostree/pull/2098
Of course, printing to e.g. stderr or even more strongly adding a sleep(5) call in the
middle of cryptographic libraries has a huge blast radius on its own. But it's
smaller than removing it entirely.
(And, remember I am a big fan of the mental model of rolling out changes to the OS core
first, not all packages, so some sort of opt-in warn-and-sleep approach could even be
prototyped out in e.g. Fedora CoreOS first, where we have CI that covers most things we
care about)