Lubos Kocman wrote:
Our social platforms (forums-o-o, discord, etc) show many cases where incorrect usage of the service leads to Leap systems being partially migrated to Tumbleweed, or you end up with Tumbleweed which has enabled a lot of invalid repos. The situation is not going likely to improve without care any time soon.
I assume you're talking about 1-click installs here? I think this is more of a problem with yast-metapackage-handler. It should be checking if the repositories are compatible with the release the user is on, and it needs to offer an option to set the repo priority before installing anything. I think the 1-click installs are a really good idea, but yast-metapackage-handler needs improvement. Making yast-metapackage-handler more robust by adding the option for priorities, probably even defaulting to a lower priority for repos being added through 1-clicks, and making sure the repo being added matches the release the user is running fixes all of the problems for users that you mentioned above. I know a lot of users really like the 1-click installs, and I think abandoning them completely would be a huge mistake.
I understand the need to update the backend to something more secure, but I think pushing this discussion in the direction of getting rid of features is a mistake. It really shouldn't be super difficult to tweak yast-metapackage-handler so that it can be safer for users. Also, there are a few other instances where 1-click installs come in handy such as adding codecs from Packman easily. I really think improving yast-metapackage-handler is the better option over abandoning 1-click installs entirely.