If I understand this change correctly, then:
· Before: If one package update is uninstallable, then that package
won't be updated, but other packages can still be updated.
· After: If one package update is uninstallable, then *nothing* will be
updated.
And you call that an improvement?
Relevant excerpt from the updated `dnf.conf(5)`:
<pre>
best boolean
When upgrading a package, always try to install its highest version
available, even only to find out some of its deps are not satisfiable.
Enable this if you want to experience broken dependencies in the
repositories firsthand. The default is True.
</pre>
"Best" is an absolutely terrible name for this option. By what
definition is an unusable package "better" than a lower-numbered
package that can actually be installed?
Right now, when DNF runs in `best=0` mode, if a package cannot be
upgraded due to dependency problems, it is skipped and a warning is
printed in the transaction summary table. However, this poses a risk
of important security fixes being overlooked by the user in case they
are broken for some reason, such as due to a repository
misconfiguration or inconsistency within the metadata itself.
If there is a significant risk that the warning will be overlooked,
then how about just making the warning more visible?
Moreover, since DNF always exits with the return code `0` (success)
when in `best=0` mode, this mode is especially risky in automated
scripts
Would it not be possible to program DNF to update what can be updated
and then return a nonzero exit code?
Björn Persson