However noble it may be I don't think we stand a realistic chance of
implementing a stable repair function if the DB corrupts at an
undefined point in the upgrade process. There are just *way* too many
variables if we have fx. 4 different DB schemes that can all intermix
and corrupt in different
Oh, and one point in I forgot to add in my previous comment - I don't
want to validate the DB on startup. That's just way too expensive -
and whas in fact one of the primary points when I implemented DB
versioning.
One thing we could do to easily, and almost freely, detect when we are
killed