Snapshotting for rollback after updates was[ Re: Drawing lessons from fatal SELinux bug #1054350]

Chris Murphy lists at
Mon Jan 27 01:11:52 UTC 2014

On Jan 26, 2014, at 5:37 PM, Reindl Harald <h.reindl at> wrote:

> Am 27.01.2014 01:32, schrieb Chris Murphy:
>> On Jan 26, 2014, at 5:20 PM, Reindl Harald <h.reindl at> wrote:
>>> Am 27.01.2014 01:18, schrieb Chris Murphy:
>>>> You gave several examples of rollback-snapshot methods - same thing as you suggested them. I never said you requested them
>>> oh my god - i gave several examples *what could be dangerous* in doing that
>>> i *never* ever suggested them
>>> please re-read the thread and then come back with an excuse
>> "suggested them" can mean two things in English: you recommend them, or they are examples. I mean the 2nd case. I understand that you were not ever recommending your examples. You were suggesting them as examples why snapshots in general are bad.
>> The problem is that your examples are crap. They're bad examples because they would break the system, therefore no one would actually do snapshots-rollbacks per your examples, unless they wanted to blow up their system.
> boah the fact "therefore no one would actually do snapshots-rollbacks per your examples" needs to be proven

Really? That seems like saying "no one would stick dynamite in their mouth unless they wanted to die" needs to be proven. I think it will only take a handful of such instances to convince most rational people this isn't a good course of action.

> i only just warned about cases where a rollback would do harm and to *make sure* that really no one would
> do it without take care

That was my *entire* point going back around 36 hours ago…

>> Chris Murphy wrote:
>> If there is a directory that contains update and non-update related file
>> changes, that's a problem. If there's segmentation, then this can be done.
>> Clearly /home needs to be separate (it's OK to take a snapshot but just
>> don't use it by default in a rollback) or we lose changes in /home in a
>> rollback from the time of the snapshot to the time of the decision to
>> rollback.
>> Another possible case it's /etc/ where the either a package or the user
>> could make changes during the update.

> so where is now the point you started a flamewar against me instead
> be quite or say "ok, that would be bad and hopefully does not happen"

I did in fact state your examples were FUD. Where the flaming starts is when you said "blabla - nobody talks about the mailserver" when Simo *had* just mentioned server side changes which is what I was responding to. And "blabla" is just f'n rude from the outset, so yeah I'm going to be a bit of a dick when someone is a.) condescending, b.) says no one said X when someone did in fact say X; and c.) deletes the reply where someone said X; and d.) proceeds with a dozen emails about how I'm the one not paying attention when I asked for context clarification and you decided to jump down my throat and it went downhill quickly from there.

I do mostly just monitor this list, for several years. When people jump on you, are you quiet? No, you jump right back and you argue like hell. So don't tell me that I should be quiet, or how I should respond. From my perspective you were picking a fight, so I decide to play along and maybe mine was a little bit disproportionate of a response, but don't play victim just because you got burned.

> this is a *dvelopent dicussion* and the goal of it is to *prevent*
> mistakes ever happen *before* they are implemented or widely used

Which is exactly why I've involved myself in a thread on snapshotting because unlike you, I have been doing snapshots and rollbacks with LVM and Btrfs for quite a few years. I'm aware that there are some challenges that users will likely face and development needs to account for these things so they aren't easily getting into trouble or confused about where their data is.

Snapshots are a reality, simply sticking our head in the sand for a feature people have been asking for is simply not the way forward. I am not suggesting at all that your workflow should change to include snapshots, so I ask that you have the courtesy to not claim with bad examples that snapshots generally are a bad idea that will hose user's systems and make developers lazy and careless. This is an entirely voluntary project, you are not required to participate in some aspect of its technology you don't use and seem to not even care about.

Chris Murphy

More information about the devel mailing list