> What I'm asking for is something in-your-face when there's an expected loss of functionality. When there's a security fix, it should stand out as a danger if you don't accept the update. When there's an expected downgrade, it should stand out as a danger if you do accept the update.
so when you upgrade to GNOME 3 it should warn you that you are about to lose a lot of functionality?
somehow I don't see this taking place.
remember that every upgrade can contain regressions for somebody under some conditions.
Ubuntu does mark some upgrades as being security related. I generally use the command line not the GUI tools, so I can't point you directly at the place to look, but what I remember seeing in passing is that when presented with the list of packages to upgrade, there is a category of security patches.
> I would think that the bulk of what I'm looking for could be achieved by just keeping the previous packages around so they can be reapplied. If a rollback is required, remove the packages that have been added and reapply the packages that have been removed.
you are overestimating the smarts of the packaging tools.
a package contains several pieces, the bulk of the package is the files to install on the system.
However, the complicated parts of the package are the parts that prepare the system, or change the system as part of the upgrade (frequently modifying config files). These are scripts that can do anything to the system, but these scripts only know about the version of the software that you are installing (or uninstalling, for scripts that make changes when you uninstall a package), they don't know what version used to be on the system, and they cannot possibly know about what changes a newer version may have made to config files to convert them back.
This makes a package-based upgrade backout _extremely_ hard to do, and given that a large percentage of upgrade problems have to do with failures of these scripts (not converting config files perfectly), relying on them to be perfect in doing a downgrade is silly.
you may be thinking "well, just make backup copies of the config files then", but this isn't limited to config files, this process can modify _anything_ on your system, databases, files, directories, ANYTHING. This is why installing packages from an unknown source can be so dangerous.