On Sun, Jun 18, 2017 at 11:38:45AM +0200, Ricardo Wurmus wrote: > > Ludovic Courtès writes: > > > BTW, should --only-substitutes filter out packages without a substitute, > > or should it simply stop and report the list of missing substitutes > > (after which the user could use --do-not-upgrade)? I like making it return a list on stdout so it can be composed as suggested. > In my opinion “--only-substitutes” should stop and report a list. > If it continued without complaining there could be problems: > > * partial upgrades could leave the profile in an unusable state > > * an attacker could use this to trick a user into thinking that they > have all available updates > > On the other hand, it would make “--only-substitutes” less usable, > because to actually perform work one would have to deal with the failure > case. > > I suppose it could download the substitutes but not build a new profile > and report an error at that point. Perhaps there could be an additional flag --partial-upgrade to make it build a new profile. I understand why people want --only-substitutes but I'm a bit wary of it for the reasons you gave, and I think we should solve their complaint by improving our build infrastructure.