On Fri, May 1, 2015 at 10:41 AM, Abhijit Menon-Sen <a...@2ndquadrant.com> wrote: > At 2015-05-01 09:57:28 -0400, robertmh...@gmail.com wrote: >> >> If you don't object to this version, I'll commit it. > > Looks fine to me, thank you.
OK, committed and back-patched. > As for the non-backpatchable 0002, I agree with Andres that it should be > included in 9.5; but I take it you're still not convinced? No, I'm not convinced. That patch will protect you in one extremely specific scenario: you turn off fsync, do some stuff, shut down, turn fsync back on again, and start up. But it won't protect you if you crash while fsync is off, or after you shut down with fsync=off and before you restart with fsync=on. And there's no documentation change here that would help anyone distinguish between the situations in which they are protected and the situations in which they are not protected. Without that, a lot of people are going to get this wrong. As an alternative, how about fsync=shutdown parameter? This could be documented to fsync the data directory at shutdown. It could document that there is a risk of corruption if the server crashes, but that the database is OK if shut down cleanly. fsync=off could document that you must run initdb --sync-only after shutting down, else you are unsafe. I'm not wedded to any particular solution, but an undocumented hack that some people will manage to use safely some of the time doesn't seem good enough to me. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers