On Sun, Jun 18, 2017 at 10:44:34AM -0700, Timothy Sample wrote: > Leo Famulari writes: > > On Sun, Jun 18, 2017 at 11:38:45AM +0200, Ricardo Wurmus wrote: > >> In my opinion “--only-substitutes” should stop and report a list. > >> If it continued without complaining there could be problems: > >> > >> * partial upgrades could leave the profile in an unusable state > > Maybe I don’t understand Guix that well yet, but I don’t think this is > possible. At least I don’t understand how it would happen. Under the > hood, the “--only-substitutes” flag would basically just be an > intelligent “--do-not-upgrade” flag. Can I ruin my profile by misusing > “--do-not-upgrade”? I'm not sure what you mean by "ruin your profile". It's unlikely you'd break your Guix installation, if that's what you mean. However, the Guix development model is that the master branch should always be "deployable", and Guix developers expect the typical user to base their installations on the master branch. If there is some package that can't be fetched from Hydra for any reason [0], users of `--only-substitutes` will simply never get that upgraded package until it can be downloaded. As time goes by, their installations will basically fork from GNU Guix, and we won't be able to understand what Guix version they are using or be able to support it. The non-substitutable package will drag an old and vulnerable dependency tree (growing both up and down) along with it, and the users will probably not notice. By the way, the same warning applies if you are upgrading your profile piecemeal instead of all at once with `guix package -u .`. So, `--only-substitutes` is definitely something for people who know what they are doing and understand the risks. For this reason, I think that using it should require shell command composition, for example: $ guix package -u . --do-not-upgrade $(guix package -u . --only-substitutes) We should make it easy for users to do the safe thing (a full profile upgrade), and not be too concerned if potentially dangerous actions like a partial upgrade require a bit of extra typing. If it seems confusing that `guix package -u . --only-substitutes` doesn't actually upgrade anything, then it could be named differently, or be part of another command such as `guix substitute`. I still think the right way to handle this feature request is to improve the build farm. I use NixOS sometimes and I almost *never* have to build anything; it's possible to improve our infrastructure to the point where nobody will think they need this feature.