On Sun, Jan 24, 2010 at 12:22 PM, Jonathan Thornburg
<jth...@astro.indiana.edu> wrote:
> In message <http://marc.info/?l=openbsd-misc&m=126356588306613&w=1>,
> Marco Peereboom <slash () peereboom ! us> wrote
>> You can do everything right all day long in software but hardware does
>> what it does and claiming that a piece of software is crash proof is
>> naive at best.
>
> Hmm.  Our rename(2) man page currently says:
>
>   rename() guarantees that if _to_ already exists, an instance of _to_
>   will always exist, even if the system should crash in the middle of
>   the operation.
>
> Should this perhaps be changed to read something like this?
>
>   rename() tries to guarantee that if _to_ already exists, an instance
>   of _to_ will always exist, even if the system should crash in the
>   middle of the operation.  However, in some cases the hardware may
>   not provide the proper support, causing the guarantee to fail.
>
> Or do we (as a general policy) take this sort of escape clause to be
> implied to knowledgeable readers, and thus need not be explicitly stated?

It's of course implied that hardware and FFS work as they should for
the guarantee to work, but...

No one seems to want or be able to point out any particular hardware
that rename() (and subsequently FFS and MTAs) fail on!

When configured as documented - no controller write-back cache (maybe
with a battery back-up, but batteries fail too), no drive write-back
cache, no async mounts, no known buggy stuff.

Which hardware??? Could someone at least point out one example of such
hardware?

I, and I am sure many other people who run mail servers, would love to know.
