Hello Guix! I have been thinking about this for a long time and would like to share it now.
The transactional upgrades and roll-backs are available to both Guix Package and Guix System. But I see an important difference which might be crucial to Guix's development and use.

GUIX PACKAGE: The guix package transactions are MODULAR. That is, you can upgrade packages selectively. For example, you can upgrade all packages except one/few, or only upgrade one/few.

GUIX SYSTEM: The guix system transactions are NON-MODULAR. That is, you cannot selectively reconfigure certain parts of the system. For example, you either reconfigure the system as a whole, or you do not reconfigure the system at all.

IMPLICATIONS: Let's assume we have 5 packages in a profile. Packages 1, 3 and 5 have non-critical updates. Package 4 has a non-critical update, but it breaks. Package 2 has a critical update (CVE). We can either upgrade all packages except package 4, or we can upgrade only package 2.

Let's assume we have 5 services/packages in a system. Packages/Services 1, 3 and 5 have non-critical updates. Package/Service 4 has a non-critical update, but it breaks. Package/Service 2 has a critical update (CVE). Now, when we reconfigure the system, all packages/services will upgrade, and package/service 4 will break the system. We can of course do '--roll-back' and take the system to the previous working state. But that will leave the system with a critical vulnerability. Therefore, we cannot reconfigure package/service 2 or any other part of the system until package/service 4 is fixed. This window/gap puts Guix System at great risk and instability.

SUGGESTION: We can brainstorm and implement a way to make guix system transactions modular. Any ideas?

Thank you!

Regards,
Raghav "RG" Gururajan.
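One practical way to narrow the window described in the message, added here as an illustration and not part of the original post: rather than postponing the whole reconfigure, keep the package whose update breaks the system pinned to the last Guix revision where it worked, using a Guix inferior, and let the rest of the operating-system declaration (including the package with the CVE fix) move to the current revision. The channel URL is the standard Guix repository; the commit hash, the names "package-4" and "package-2", and the host/disk details are placeholders chosen for the example, and the operating-system fields are cut down to the minimum the example needs.

```scheme
;; Added example (not from the original message): pin one package to an
;; older Guix revision via an inferior so the rest of the system can be
;; reconfigured against the current revision.
(use-modules (gnu)
             (guix inferior)
             (guix channels)
             (srfi srfi-1))           ; for 'first'

(define old-channels
  ;; The Guix revision in which "package-4" was still known to work.
  ;; The commit hash is a placeholder; substitute the last good commit
  ;; as reported by 'guix describe' on the working generation.
  (list (channel
         (name 'guix)
         (url "https://git.savannah.gnu.org/git/guix.git")
         (commit "0000000000000000000000000000000000000000"))))

(define old-guix
  ;; An inferior: a separate Guix process running the pinned revision,
  ;; which we can query for package objects.
  (inferior-for-channels old-channels))

(define package-4/pinned
  ;; "package-4" stands in for the package whose current update breaks
  ;; the system; it is resolved from the old revision, not the current one.
  (first (lookup-inferior-packages old-guix "package-4")))

(operating-system
  (host-name "example")
  (timezone "Etc/UTC")
  (locale "en_US.utf8")
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  (file-systems (cons (file-system
                        (device (file-system-label "root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  ;; Everything else, including "package-2" (the one carrying the CVE
  ;; fix), is resolved from the current revision via
  ;; 'specification->package'; only package-4 comes from the inferior.
  (packages (append (list package-4/pinned
                          (specification->package "package-2"))
                    %base-packages))
  (services %base-services))
```

The declaration is applied with `guix system reconfigure` as usual; what changes is which revision "package-4" is resolved from, so the CVE fix lands without waiting for the broken update to be repaired. For a user profile, the selectivity the message describes is already a flag: `guix package -u` accepts `--do-not-upgrade=REGEXP` to leave matching packages alone. Note the caveat: an inferior pins packages referenced from the declaration, not service definitions, so a regression in a service type itself still has to be handled in the current revision.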