Hello,
On 13 May 2022, at 09:05, hofmann@leo-andres.de wrote:
Hi Michael,
Am 12.05.2022 um 11:20 schrieb Michael Tremer:
Hello Leo,
On 11 May 2022, at 13:18, Leo Hofmann hofmann@leo-andres.de wrote: Hi all, I saw this comment in the Pakfire functions library: https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=src/pakfire/lib/functions.... And I remembered that sometimes people ask how to reinstall an update. For example because they have changed from the "testing" tree back to "stable" and want to get the final release version of the update. Would it be worthwhile to add a "reinstall core update" button to the web interface? Or would that lead to people breaking stuff? Is decrementing '/opt/pakfire/db/core/mine' still the recommended way to do that? https://wiki.ipfire.org/configuration/ipfire/pakfire/testing
Technically, that is all that needs to be done, and we semi-automatically do this when people change from one branch to another one. We then re-install the latest version of the last update which is just a shot in the dark to keep systems somewhat close to the releases - which is always a little bit difficult in a test environment. However, I am not in favour of making re-installing this too easy, because you can just see some of the outfall in Adolf’s emails from yesterday. It is generally not a supported operation. However, it can be helpful in very few cases. But only very few.
Well I assumed that this would be used much more often, because it is asked for from time to time and a wiki page exists.
I would also say that on the web UI, we should be very careful about giving people the option to “press a magic button and everything is alright”. We somehow introduced that with the fsck button which I do not think helps anyone that much really, because a healthy filesystem does not manual checking (it is not Windows 98 where you have to “defragment” things from time to time) and if it does, it is normally smart enough to figure that out by itself. If the user has any reason to believe that their filesystem might be corrupt, the filesystem should have noticed that earlier and try to fix itself, or you are in territory where you will have to replace your storage device and re-install the whole OS. Right now, I do not mind having that button - it does not do much harm after all. But I thought it was a good example to illustrate that just because we can very easily give people the option, we should ask ourselves why people would need this in the first place.
Personally I use lower end hardware for my home setup and this has helped me find a faulty SSD. In my opinion, there is nothing wrong with having basic troubleshooting tools easily accessible, especially in chaotic moments after a failure. But if you have noticed that users see this as a magic "fix my messed up setup" button, I'm happy to rename or (re)move it. How about "run 'fsck'" instead of "check filesystem"?
I do not have anything against a button that makes people’s lives easier. Not at all.
I am just a little bit fearful that people might use it wrong; and then, the problems outweigh the benefits.
I was just using the fsck button as an example because I thought it was an easy one. I do not have any desire to remove it again. It does not create any harm.
However, re-applying an update might be a more dangerous operation.
Regarding re-installing an older Core Update I am thinking: a) The user is testing something and things didn’t work out. Going back isn’t always possible but it might work. In that case, those people should know how to do this. Maybe a command line option is convenient. I wouldn’t object that.
Yes that would be a nice feature for the testers. But I don't want to work on the Pakfire core for such a small thing.
Why not?
b) You have reason to believe that your system was compromised. Re-installing the latest Core Update does not fix that. Here is where I consider a button on the web UI dangerous. Just pressing that does not fix anything.
Okay here I have to agree with you. That button might give a false sense of security. Besides, someone who really needs this button is unlikely to run testing releases.
False sense of security is kind of the keyword here. It is probably not only our fight to fight, and Peter would heavily object here, but we have too many people working in IT who do not know enough about basic things. It happens that people set up a firewall “and then you are all safe”. That isn’t enough. It has to be configured, and it has to be maintained. That is work that just needs to be done.
We have so many systems that run an outdated version of IPFire. We have to assume that it is a lot easier to exploit those installations than an up-to-date one, and so there is no real security, just the false sense of it.
I would like to fight this somewhat.
In the end, people are obviously on their own. We cannot make this whole thing idiot proof. If people are ignorant to how networks work and how to set up a firewall, then that is a huge problem that we cannot solve with any buttons. But I would like to take away any lazy excuses for those people.
-Michael
Regards Leo
Did I overlook any reasons why this option should be there? -Michael
Best regards Leo