Versionized profiles

This should not add any complexity to interface developers or to users/admins. Why would it?

For people trying to audit or debug the system, yes, they need to be aware that profiles need to change over time, but I’d argue that it’s actually better for auditing purposes that the alternative versions (older or newer) of the profile aren’t just going away.

Again I don’t see how that’d be the case. It doesn’t seem to add any steps in that sense that aren’t already there. For example, today if the profiles aren’t in place when something starts, that something won’t start.

Yes, this is the simplistic view of the problem. The more general view was described here:

The general statement of the problem is that software changes and the format of data they use also changes in incompatible ways. That incompatibility may sometimes be observed going forward, when version N+1 doesn’t understand the data of version N, but it’s more frequently observed when going backwards, when version N doesn’t understand the data of version N+1, because it’s easy to do a migration forwards, but harder to it backwards or introduce completely new ideas while preserving a limited understanding for the old.

That’s pretty much what is being proposed. One detail here is that “every time” is not just about snpad… it needs to take into account every single system dependency that plays a role: snapd, kernel, udev, etc.

Unfortunately the real world is not so kind. The robust and predictable state can easily get completely unusable after a simple boot onto a different kernel, which may happen completely behind the back of snapd.

Yes, that’s the sort of idea being explored.