Snapshotting for rollback after updates was[ Re: Drawing lessons from fatal SELinux bug #1054350]

[Reindl Harald]

Am 26.01.2014 21:13, schrieb Chris Murphy:
> On Jan 26, 2014, at 11:41 AM, Simo Sorce <simo at redhat.com> wrote:
> 
>> I never said it won't work in absolute, it probably will work ok in many
>> cases, just to cause incredible issues in others.
>>
>> It is a fine tool in the hands of an expert that knows how to check
>> whether reverting to a snapshot is safe.
> 
> Why is the snapshot case any different from a user who reverts doing a clean install or yum downgrade?

because the snapshot restores *a whole filesystem* and not only the affected application?

* restore a snapshot of /usr and you have fun with /var/lib/rpm
* restore a snapshot of /var/lib/ without /usr and you have fun with the rpmdb and others
* restore a snapshot of /usr without /etc and you *may have* random fun

and there are *hundrets* of such combinations where the last thing you
really would want is restore a snapshot because you have no plan about
the real-world impact in doing so

>> It is not going to be a good solution for non-expert users though
>> *unless* you provide system APIs that *all* applications use to signal
>> when they are doing irreversible changes so that the user can be warned
>> about potential data loss right when he asks the system to revert a
>> snapshot.
> 
> Developers should not be sneak attacking non-expert users with file format changes that aren't well 
> announced in advance of consequences they probably won't be able to read their data if they downgrade 
> the application

the perfect world won't happen, sad but true

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140126/7622c74d/attachment-0001.sig>