On 2/22/21 6:58 AM, Anton Hvornum via arch-general wrote:
I added 2FA way back when to /etc/pam.d/system-login and that meant that pacman placed a .pacnew file alongside the modified system-login (as expected) on upgrade. But the notification about this got lost in the sea of packages which is on me of course. But seeing as this is a modification to a system critical file can (and did) cause a complete lockout of accounts on the machine due to `auth required` being the keywords put in place. I would have expected this to be on the bulletin board about possible manual intervention required.
Arch does a fantastic job in doing all that it does in a rolling release, so don't take this the wrong way, but I do agree with Anton a bit here. Over the years (12 now), there have been 4-5 times that an update with pacman -Syu has left me with either a critical server package in need of an immediate day long learn and reconfigure session, or a change has left remote adminned machines unreachable. (considering the 100's of thousands of package upgrades over those 12 years, those are quite good stats) But if there is any way to do a double-check on system critical or server critical packages and drop a note if some type of breakage or immediate attention will be needed would be welcomed. I know, I know, in a perfect-world we would have all the manpower desired to look at ever aspect up potential adverse impacts and would all be informed of each upcoming change, but we live in the real-world and there will be some changes that hit some harder than others. I can't see the user solution being building different systems to pre-check if pacman -Syu is advisable. The Arch way has always been that only current systems fully updated by pacman -Syu are supported and throughout the wiki, etc.. the advice being "make sure you do a pacman -Syu before ..." We should ensure, to the greatest extent possible, that (1.) pacman -Syu remains the safe, gold-standard on how updates are done, and (2.) make a good effort to note any changes likely to cause problems on archlinux.org. It's hard to make what is already done well, better, but there is always room for improvement. -- David C. Rankin, J.D.,P.E.