On Tue, Mar 21, Richard Biener wrote:
No, I am refering to the time window between creating the snapshot and activating it. For a true transaction you'd need to verify the root you are about to replace with the updated snapshot is in the same state as at the time of snapshot creation (thus, it had better be readonly). Otherwise you are losing data.
If you clearly seperate data from applications, as you have to do for snapshot and rollback anyways, the risk is really very low. And if you use a read-only root filesystem, the risk is zero. But this are not only problems with transactional updates, you have the same problems already today if you use rollback. And there the risk of data lossage is much, much higher.
But the system you are implementing sounds a more dangerous way of effectively downloading the update in the running system, rebooting, and at defined state (say, in initrd context) create the snapshot, install into it and continue booting from it.
That's how Windows is doing it and GNOME tries to implement it. You should watch my presentation at Fosdem this year, which negativ impact this already had in the past. Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org