On Wed, 31 Jul 2024 at 09:35, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
> Fast forward to now. The customer has found no observable ill effects of
> marking these functions leakproof. The would like to know if there is
> any reason why we can't mark them leakproof, so that they don't have to
> do this in every database of every cluster they use.
>
> Thoughts?
According to [1], it's just not been done yet due to concerns about
risk to reward ratios. Nobody mentioned any reason why it couldn't
be, but there were some fears that future code changes could yield new
failure paths.
David
[1] https://postgr.es/m/02BDFCCF-BDBB-4658-9717-4D95F9A91561%40thebuild.com