"latest" advice downgrades a bit too much for being "latest"
Bug description
When I request advice from Thoth using the latest recommendation type, I get a set of dependency updates that include several downgrades, sometimes to considerably older versions.
As a user, this is counter-intuitive to the name of the recommendation: one would expect "latest" to stay relatively close to the most current versions.
Steps to Reproduce
Steps to reproduce the behavior:
- Go to the ps-cv repository, which has the latest recommendation type configured in .thoth.yaml
- Request a thamos advise. I did this via Kebechet Advise
- Look at the resulting package update recommendations
Actual behavior
- Downgrading packages and introducing already-fixed CVEs: https://github.com/thoth-station/ps-cv/pull/45#pullrequestreview-1114477726. While the latest recommendation type does not consider CVE data, at first sight the downgrades seem to diverge significantly from the latest versions available in the database.
- Downgrading from a released version to an older pre-release version: https://github.com/thoth-station/ps-cv/pull/43#pullrequestreview-1114491371
From a different Kebechet Advise request in the python repo:
- Downgrading to a 4+ year old version: https://github.com/thoth-station/python/pull/480#pullrequestreview-1114519190
Expected behavior
According to the adviser documentation for the latest predictor:
The implementation always tries to resolve the latest software stack possible (all the packages in their latest versions).
It then clarifies that this is not always possible, and that there are (non-pip/pipenv compatible) non-deterministic hops.
However, the "hops" and divergence from the actual latest software stack possible in the examples mentioned above seem to be a bit too much for a recommendation type called latest.
Environment information
- Adviser v0.56.2
- Kebechet v1.10.5
Additional context
Creating this from https://github.com/thoth-station/adviser/issues/2329#issuecomment-1252977714 after discussion in the SIG-StackGuidance meeting, where it was mentioned that:
- This is probably expected behaviour. If that's the case, though, we might need to heavily expand the documentation to explain how these recommendations fit into a latest recommendation type, or change the recommendation type name.
- A switch to a backtracking algorithm as per issue #2329 would not fix that gap.
We agreed to create this issue to investigate further.
/sig stack-guidance
/priority important-soon