Bug description
When I request advice from Thoth using the latest recommendation type, I get a set of dependency updates that include several downgrades, sometimes to quite older versions.
As a user, this is counter-intuitive to the name of the recommendation: one would expect "latest" to stay relatively close to the most current versions.
Steps to Reproduce
Steps to reproduce the behavior:
1. latest recommendation type configured in .thoth.yaml
2. thamos advise. I did this via Kebechet Advise
3. Look at the resulting package update recommendations
Actual behavior
Downgrading packages and introducing already-fixed CVEs: Auto generated update ps-cv#45 (review). While the latest recommendation type does not consider CVE data, at first sight the downgrades seem to diverge significantly from the latest versions available in the database.
From a different Kebechet Advise request in the python repo:
Expected behavior
According to the adviser documentation for the latest predictor:
The implementation always tries to resolve the latest software stack possible (all the packages in their latest versions).
It then clarifies that this is not always possible, and that there are (non-pip/pipenv compatible) non-deterministic hops.
However, the "hops" and divergence from the actual latest software stack possible in the examples mentioned above seem to be a bit too much for a recommendation type called latest.
Environment information
Adviser v0.56.2
Kebechet v1.10.5
Additional context
Creating this from #2329 (comment) after discussion in the SIG-StackGuidance meeting, where it was mentioned that:
This is probably expected behaviour. If that's the case, though, we might need to heavily expand the documentation to explain how these recommendations fit into a latest recommendation type — or change the recommendation type name.
We agreed to create this issue to investigate further