| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
| Cc: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>, "Vince Vielhaber" <vev(at)michvhf(dot)com>, "Ron Mayer" <ron(at)intervideo(dot)com>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: [mail] Re: Windows Build System |
| Date: | 2003-01-30 21:54:39 |
| Message-ID: | 29609.1043963679@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> And, by the way, who in their right mind tests a database server by repeated
> yanking of the AC power?
Anybody who would like their data to survive a power outage.
> To go to that extreme for Win32 when we caution
> against something as mundane as a kill -9 of postmaster on Unix is absurd.
> And, yes, I know the difference. I also know that the AC power pull has
> nothing to do with PostgreSQL, but it has to do with the OS under it.
> Although a kill -9, from the point of view of the running process, is
> identical to a power failure.
No, it is not. Did you not read my comments earlier today? The reasons
why we are concerned about kill -9 have *nothing* to do with whether the
database can survive system crashes. Rather, the issues created by kill
-9 have to do with coping with leftover state from a previous postmaster
in the same system lifecycle. I forgot to mention one of the biggest
headaches, which is that kill -9 the postmaster doesn't kill the child
backends. We've got an interlock that tries to prevent starting a new
postmaster when there are still old children around, but it's one of the
things that I think is most likely to break on any new port. (And I'm
dead certain that that code doesn't work on Windows.) It's that sort of
thing that we have painfully worked out on Unix-based systems, and are
going to have to do over again for Windows. In many places we are
probably not even going to realize that we have to do something over
again, until someone gets bitten.
The fact that Postgres is reliable does not come (only) from the code
being "right" in some abstract sense that will carry over to a new
platform. A big reason it's reliable is that we have painfully learned
about Unix-ish failure modes and put in defenses against them. Windows
is going to bring a whole new set of failure modes that we don't have
defenses for. (Yet.) *That* is what we need extensive testing to learn
about, and claiming that we are discriminating against Windows just
because it's Windows misses the point completely.
Or, if you prefer, we can ship Postgres 7.4 for Windows with no more
testing than we need for any of the existing, long-since-well-tested
ports. But I'll bet a great deal that our reputation will go down the
drain (along with many people's data) if we do that.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Brown | 2003-01-30 22:04:00 | Re: [PATCHES] v7.2.4 bundled ... |
| Previous Message | Lamar Owen | 2003-01-30 21:42:11 | Re: Windows Build System - My final thoughts |