On Wed, 2011-03-02 at 16:24 -0500, Andrew Dunstan wrote:
>
> On 03/02/2011 04:13 PM, Simon Riggs wrote:
> > On Wed, 2011-03-02 at 15:44 -0500, Andrew Dunstan wrote:
> >> On 03/02/2011 03:39 PM, Simon Riggs wrote:
> >>> Truly "synchronous" requires two-phase commit, which this never was. So
> >>> the absence or presence of the poorly specified parameter called
> >>> allow_standalone_primary should have no bearing on what we call this
> >>> feature.
> >>>
> >> I haven't been following this very closely, but to me this screams out
> >> that we simply must not call it "synchronous".
> > As long as we describe it via its characteristics, then I'll be happy:
> >
> > * significantly reduces the possibility of data loss in a sensibly
> > configured cluster
> >
> > * allow arbitrary N+k resilience that can meet and easily exceed
> > "5 nines" data durability
> >
> > * isn't two phase commit
> >
> > * isn't a magic bullet that will protect your data even after your
> > hardware fails or is disconnected
> >
>
>
> Ok, so let's call it "enhanced safety" or something else that isn't a
> term of art.
Good plan.
Oracle avoided the whole issue by referring to the two modes as "maximum
availability" and "maximum protection". I'm not sure if that is patented
or copyright etc, but I'm guessing they had this exact same discussion,
just a little less friendly.
Perhaps we can coin the term "High Durability".
-- Simon Riggs http://www.2ndQuadrant.com/books/PostgreSQL Development, 24x7 Support, Training and Services