... (probably due to the symlink bug) ...
I guess, I've just run into the file relocation bug (otherwise, we have a more serious bug here), showed by upgrade046.py. Briefly, the file relocation check is hacked into the fileconflict check, which is omitted with -f.
Even if -f checked file relocation, that operation still would be dangerous. (Even if the user is sure that the fileconflict induced -f is a false alarm!) File relocation may not be detected (this can be a reason of the false alarm) - this can happen around symlinks again. symdir -> dir in the following example: sync/foo contains symdir/file, local/foo doesn't. local/bar contains dir/file, sync/bar doesn't. We assume, that -Suf upgrades both foo and bar. In this case file relocation cannot be detected (atm), so if bar is upgraded after foo, 'file' will be deleted. :-( Unfortunately this situation can happen without -f, too. Fortunately, this is very rare: If the user deletes file in our example, the fileconflict check won't catch anything (neither fileconflict, nor file relocation), but during the upgrade of bar file will be deleted. Conclusion 1.: -f is a much more dangerous operation than the end-user may suspect, maybe we should update the manual of --force a bit. Conclusion 2.: Deleting files of a package is not recommended. In this case pacman's fileconflict and file relocation check is fooled (we do NOT compare local filelist versus target filelist). Conclusion 3.: From package manager viewpoint, remove all local target packages then install all the new ones is much better. However, this is much more dangerous (interrupted operation). Conclusion 4.: Without real transaction system (FS#8585), we have some ~unsolvable issues.