Re: Help me recovering data - Mailing list pgsql-hackers
| From | pgsql@mohawksoft.com |
|---|---|
| Subject | Re: Help me recovering data |
| Date | |
| Msg-id | 16624.24.91.171.78.1108570109.squirrel@mail.mohawksoft.com Whole thread Raw |
| In response to | Re: Help me recovering data (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses |
Re: Help me recovering data
(Stephan Szabo <sszabo@megazone.bigpanda.com>)
Re: Help me recovering data ("Joshua D. Drake" <jd@commandprompt.com>) |
| List | pgsql-hackers |
> pgsql@mohawksoft.com writes: >> Maybe I'm missing something, but shouldn't the prospect of data loss >> (even >> in the presense of admin ignorance) be something that should be >> unacceptable? Certainly within the realm "normal PostgreSQL" operation. > > [ shrug... ] The DBA will always be able to find a way to shoot himself > in the foot. We've seen several instances of people blowing away > pg_xlog and pg_clog, for example, because they "don't need log files". > Or how about failing to keep adequate backups? That's a sure way for an > ignorant admin to lose data too. There is a difference between actively doing something stupid and failing to realize a maintenence task is required. PostgreSQL should stop working. When the admin tries to understand why, they can read a troubleshooting FAQ and say "oops, I gotta run this vacuum thingy." That is a whole lot better than falling off a cliff you didn't even know was there. > > Once autovacuum gets to the point where it's used by default, this > particular failure mode should be a thing of the past, but in the > meantime I'm not going to panic about it. I don't know how to say this without sounding like a jerk, (I guess that's my role sometimes) but would you go back and re-read this sentence? To paraphrase: "I know this causes a catestrophic data loss, and we have plans to fix it in the future, but for now, I'm not going panic about it." What would you do if the FreeBSD group or Linux kernel group said this about a file system? If you failed to run fsck after 100 mounts, you loose your data? I thought PostgreSQL was about "protecting your data." How many times have we smugly said, "yea, you can use MySQL if you don't care about your data." Any data loss caused by postgresql should be seen as unacceptable. It's funny, while I've known about this for a while, and it has always seemed a sort of distant edge condition that is easily avoided. However, with todays faster machines and disks, it is easier to reach this limitation than ever before. All PostgreSQL needs is one or two VERY UPSET mainstream users who lose data to completely reverse the momemntum that it is gaining. No amount of engineering discussion about it not being the fault of postgresql will be lost, and rightfully so, IMHO. Sorry.
pgsql-hackers by date: