* Tom Lane (t...@sss.pgh.pa.us) wrote: > Magnus Hagander <mag...@hagander.net> writes: > > Is it time to enable checksums by default, and give initdb a switch to turn > > it off instead? > > Have we seen *even one* report of checksums catching problems in a useful > way?
This isn't the right question. The right question is "have we seen reports of corruption which checksums *would* have caught?" Admittedly, that's a much harder question to answer, but I've definitely seen various reports of corruption in the field, but it's reasonably rare (which I am sure we can all be thankful for). I can't say for sure which of those cases would have been caught if checksums had been enabled, but I have a hard time believing that none of them would have been caught sooner if checksums had been enabled and regular checksum validation was being performed. Given our current default and the relative rarity that it happens, it'll be a great deal longer until we see such a report- but when we do (and I don't doubt that we will, eventually) what are we going to do about it? Tell the vast majority of people who still don't have checksums enabled because it wasn't the default that they need to pg_dump/reload? That's not a good way to treat our users. > I think this will be making the average user pay X% for nothing. Have we seen *even one* report of someone having to disable checksums for performance reasons? If so, that's an argument for giving a way for users who really trust their hardware, virtualization system, kernel, storage network, and everything else involved, to disable checksums (as I suggested elsewhere), not a reason to keep the current default. Thanks! Stephen
signature.asc
Description: Digital signature