| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Peter Geoghegan <pg(at)bowt(dot)ie> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, Michael Banck <michael(dot)banck(at)credativ(dot)de>, Michael Paquier <michael(at)paquier(dot)xyz>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: data_checksums enabled by default (was: Move --data-checksums to common options in initdb --help) |
| Date: | 2021-01-06 20:30:32 |
| Message-ID: | 20210106203032.GR27507@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Peter Geoghegan (pg(at)bowt(dot)ie) wrote:
> On Wed, Jan 6, 2021 at 12:03 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > Do you really believe it to be wrong? Do we stop performing the correct
> > write calls in the correct order to the kernel with fsync being off? If
> > the kernel actually handles all of our write calls correctly and we
> > cleanly shut down and the kernel cleanly shuts down and sync's the disks
> > before a reboot, will there be corruption from running with fsync off?
>
> This is a total straw man. Everyone understands the technical issues
> with fsync perfectly well, and everyone understands that everyone
> understands the issue, so spare me the "I'm just a humble country
> lawyer" style explanation.
>
> What you seem to be arguing is that the differences between disabling
> checksums and disabling fsync is basically quantitative, and so making
> a qualitative distinction between those two things is meaningless, and
> that it logically follows that disagreeing with you is essentially
> irresponsible. This is a tactic that would be an embarrassment to a
> high school debate team. It's below you.
I can agree that there's a usefulness in making a qualitative
distinction between them, but we're talking about a default here, not
about if we should even have these options or these capabilities or if
we should force them upon everyone or if one is somehow better or worse
than the other. As already mentioned, it's also, at least today, far
simpler to disable checksums than to enable them, which is something
else to consider when thinking about what the default should be.
That the major cloud providers all have checksums enabled (at least by
default, though I wonder if they would even let you turn them off..),
even when we don't have them on by default, strikes me as pretty telling
that this is something that we should have on by default.
Certainly there's a different risk profile between the two and there may
be times when someone is fine with running without fsync, or fine
running without checksums, but those are, in my view, exceptions made
once you understand exactly what risk you're willing to accept, and not
what the default or typical deployment should be.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2021-01-06 20:48:14 | Re: psql \df choose functions by their arguments |
| Previous Message | Pavel Stehule | 2021-01-06 20:22:53 | Re: [HACKERS] [PATCH] Generic type subscripting |