Re: Checksums by default?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Petr Jelinek <petr(dot)jelinek(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Checksums by default?
Date: 2017-01-21 18:17:13
Message-ID: 32444.1485022633@sss.pgh.pa.us
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Because I see having checksums as, frankly, something we always should
> have had (as most other databases do, for good reason...) and because
> they will hopefully prevent data loss. I'm willing to give us a fair
> bit to minimize the risk of losing data.

To be perfectly blunt, that's just magical thinking. Checksums don't
prevent data loss in any way, shape, or form. In fact, they can *cause*
data loss, or at least make it harder for you to retrieve your data,
in the event of bugs causing false-positive checksum failures.

What checksums can do for you, perhaps, is notify you in a reasonably
timely fashion if you've already lost data due to storage-subsystem
problems. But in a pretty high percentage of cases, that fact would
be extremely obvious anyway, because of visible data corruption.

I think the only really clear benefit accruing from checksums is that
they make it easier to distinguish storage-subsystem failures from
Postgres bugs. That can certainly be a benefit to some users, but
I remain dubious that the average user will find it worth any noticeable
amount of overhead.

regards, tom lane
