apt-ostree/.notes/out-of-scope/rpm-ostree.md

# rpm-ostree Out of Scope Features

## Overview

This document outlines features and functionality that are considered out of scope for rpm-ostree. These features are either not aligned with rpm-ostree's core philosophy, would add unnecessary complexity, or are better handled by other tools.

## Core Philosophy Constraints

### "From Scratch" Philosophy

rpm-ostree follows a strict "from scratch" philosophy where every change regenerates the target filesystem completely. This constrains certain features:

**Out of Scope:**
- **Incremental package updates**: Cannot modify existing packages in-place
- **Live package modifications**: Cannot change packages while system is running
- **Partial rollbacks**: Cannot rollback individual packages, only entire deployments
- **Package version pinning**: Cannot pin specific package versions within a deployment

**Rationale:** These features would violate the immutable, atomic nature of rpm-ostree deployments.

### Atomic Operations

rpm-ostree requires all operations to be atomic with proper rollback support:

**Out of Scope:**
- **Non-atomic package operations**: Cannot install packages without creating new deployment
- **Partial transaction support**: Cannot commit partial changes
- **Live system modifications**: Cannot modify running system directly
- **Package dependency resolution conflicts**: Cannot resolve conflicts by modifying existing packages

**Rationale:** These would break the atomicity guarantees that make rpm-ostree reliable.

## Package Management Limitations

### Traditional Package Manager Features

rpm-ostree intentionally omits certain traditional package manager features:

**Out of Scope:**
- **Package version management**: Cannot downgrade individual packages
- **Package configuration management**: Cannot modify package configurations in-place
- **Package script customization**: Cannot customize package installation scripts
- **Package repository management**: Cannot add/remove repositories dynamically
- **Package signing verification**: Cannot verify individual package signatures

**Rationale:** These features are better handled by traditional package managers or would add unnecessary complexity.

### Advanced Package Features

Certain advanced package management features are not supported:

**Out of Scope:**
- **Package groups**: Cannot install/remove package groups
- **Package collections**: Cannot manage package collections
- **Package patterns**: Cannot use package patterns for installation
- **Package recommendations**: Cannot handle package recommendations
- **Package suggestions**: Cannot handle package suggestions

**Rationale:** These features add complexity without providing significant value in the rpm-ostree model.

## System Management Limitations

### Traditional System Administration

rpm-ostree intentionally limits traditional system administration capabilities:

**Out of Scope:**
- **User management**: Cannot create/modify users directly
- **Group management**: Cannot create/modify groups directly
- **Service management**: Cannot enable/disable services directly
- **Configuration management**: Cannot modify system configurations in-place
- **Network configuration**: Cannot configure networking directly

**Rationale:** These are better handled by systemd, user management tools, or configuration management systems.

### Live System Modifications

rpm-ostree does not support live system modifications:

**Out of Scope:**
- **Live kernel updates**: Cannot update kernel without reboot
- **Live library updates**: Cannot update libraries while applications are running
- **Live service updates**: Cannot update services without restart
- **Live configuration changes**: Cannot change configurations without deployment

**Rationale:** These would violate the immutable filesystem model and atomicity guarantees.

## Development and Testing Limitations

### Development Workflow Features

Certain development workflow features are not supported:

**Out of Scope:**
- **Development package installation**: Cannot install development packages directly
- **Debug package installation**: Cannot install debug packages directly
- **Source package management**: Cannot manage source packages
- **Package building**: Cannot build packages from source
- **Package patching**: Cannot apply patches to packages

**Rationale:** These features are better handled by development tools, build systems, or traditional package managers.

### Testing and Validation

Certain testing features are not supported:

**Out of Scope:**
- **Package testing**: Cannot test individual packages
- **Integration testing**: Cannot test package integrations
- **Performance testing**: Cannot benchmark package performance
- **Security testing**: Cannot audit package security
- **Compatibility testing**: Cannot test package compatibility

**Rationale:** These are better handled by dedicated testing frameworks and tools.

## Container and Virtualization Limitations

### Container Integration

rpm-ostree has limited container integration capabilities:

**Out of Scope:**
- **Container runtime management**: Cannot manage container runtimes
- **Container orchestration**: Cannot orchestrate containers
- **Container networking**: Cannot configure container networking
- **Container storage**: Cannot manage container storage
- **Container security**: Cannot manage container security policies

**Rationale:** These are better handled by dedicated container management tools.

### Virtualization Support

rpm-ostree has limited virtualization support:

**Out of Scope:**
- **Virtual machine management**: Cannot manage virtual machines
- **Virtual machine templates**: Cannot create VM templates
- **Virtual machine snapshots**: Cannot manage VM snapshots
- **Virtual machine networking**: Cannot configure VM networking
- **Virtual machine storage**: Cannot manage VM storage

**Rationale:** These are better handled by dedicated virtualization management tools.

## Network and Security Limitations

### Network Management

rpm-ostree has limited network management capabilities:

**Out of Scope:**
- **Network configuration**: Cannot configure networking
- **Network services**: Cannot manage network services
- **Network security**: Cannot configure network security
- **Network monitoring**: Cannot monitor network traffic
- **Network troubleshooting**: Cannot troubleshoot network issues

**Rationale:** These are better handled by dedicated network management tools.

### Security Management

rpm-ostree has limited security management capabilities:

**Out of Scope:**
- **Access control**: Cannot manage access control policies
- **Authentication**: Cannot manage authentication systems
- **Authorization**: Cannot manage authorization policies
- **Audit logging**: Cannot manage audit logs
- **Security scanning**: Cannot scan for security vulnerabilities

**Rationale:** These are better handled by dedicated security management tools.

## Monitoring and Logging Limitations

### System Monitoring

rpm-ostree has limited system monitoring capabilities:

**Out of Scope:**
- **Performance monitoring**: Cannot monitor system performance
- **Resource monitoring**: Cannot monitor system resources
- **Application monitoring**: Cannot monitor applications
- **Service monitoring**: Cannot monitor services
- **Health checking**: Cannot perform health checks

**Rationale:** These are better handled by dedicated monitoring tools.

### Logging Management

rpm-ostree has limited logging management capabilities:

**Out of Scope:**
- **Log collection**: Cannot collect logs
- **Log analysis**: Cannot analyze logs
- **Log rotation**: Cannot rotate logs
- **Log archiving**: Cannot archive logs
- **Log searching**: Cannot search logs

**Rationale:** These are better handled by dedicated logging management tools.

## Backup and Recovery Limitations

### Backup Management

rpm-ostree has limited backup capabilities:

**Out of Scope:**
- **File backup**: Cannot backup individual files
- **Directory backup**: Cannot backup directories
- **Database backup**: Cannot backup databases
- **Application backup**: Cannot backup applications
- **Configuration backup**: Cannot backup configurations

**Rationale:** These are better handled by dedicated backup tools.

### Recovery Management

rpm-ostree has limited recovery capabilities:

**Out of Scope:**
- **File recovery**: Cannot recover individual files
- **Directory recovery**: Cannot recover directories
- **Database recovery**: Cannot recover databases
- **Application recovery**: Cannot recover applications
- **Configuration recovery**: Cannot recover configurations

**Rationale:** These are better handled by dedicated recovery tools.

## Future Considerations

### Potential Future Scope

Some features currently out of scope may be considered in the future:

**Future Considerations:**
- **Enhanced container support**: May add more container integration features
- **Advanced monitoring**: May add basic monitoring capabilities
- **Security enhancements**: May add basic security features
- **Network integration**: May add basic network features
- **Backup integration**: May add basic backup features

**Criteria for Inclusion:**
- Must align with core philosophy
- Must maintain atomicity guarantees
- Must not add unnecessary complexity
- Must provide significant value
- Must not duplicate existing tools

### Integration with Other Tools

rpm-ostree focuses on integration rather than duplication:

**Integration Approach:**
- **Use existing tools**: Leverage existing tools for out-of-scope features
- **Provide interfaces**: Provide interfaces to external tools
- **Support workflows**: Support workflows that use external tools
- **Maintain focus**: Maintain focus on core functionality
- **Enable ecosystem**: Enable ecosystem of complementary tools

**Benefits:**
- Reduced complexity
- Better tool specialization
- Improved maintainability
- Enhanced ecosystem
- Focused development