| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql(at)mohawksoft(dot)com |
| Cc: | "Russell Smith" <mr-russ(at)pws(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Data loss, vacuum, transaction wrap-around |
| Date: | 2005-02-19 03:35:31 |
| Message-ID: | 6391.1108784131@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
pgsql(at)mohawksoft(dot)com writes:
> I think there should be a 100% no data loss fail safe.
Possibly we need to recalibrate our expectations here. The current
situation is that PostgreSQL will not lose data if:
1. Your disk drive doesn't screw up (eg, lie about write complete,
or just plain die on you).
2. Your kernel and filesystem don't screw up.
3. You follow the instructions about routine vacuuming.
4. You don't hit any bugs that we don't know about.
I agree that it's a nice idea to be able to eliminate assumption #3 from
our list of gotchas, but the big picture is that it's hard to believe
that doing this will make for a quantum jump in the overall level of
reliability. I think I listed the risks in roughly the right order of
severity ...
I'm willing to fix this for 8.1 (and am already in process of drafting a
patch), especially since it ties into some other known problems such as
the pg_pwd/pg_group files not being properly reconstructed after PITR
recovery. But I think that a "Chinese fire drill" is not called for,
and backpatching a significant but poorly tested change falls into that
category IMHO.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2005-02-19 03:47:21 | Re: SPI_finish and RegisterExprContextCallback |
| Previous Message | Bruce Momjian | 2005-02-19 03:35:07 | Re: UTF8 or Unicode |