Create pre-update snapshot before approval of the update is written to the filesystem
I'm using updates with approvals because I want to be in control of when updates happen. Recently I had to use schnapps to rollback for the first time because of the problems with knot-resolver. It's great there is pre-update snapshot but the problem is that if you rollback to it, the approval of the, potentially broken, update is already written on the disk and hence also in this pre-update snapshot. If you are not aware of this, you might end up with a broken system after a while again, even though you used rollback. A better way would be if the snapshot is taken just before approval is written on the system.
Or an alternative would be some command which would rollback to the pre-update snapshot, written down "denied" to the approvals file and reboot, all this automatically. This would be great for the end-users which usually don't know any details about how the underlying system works.