Andreas Pflug <pgadmin@pse-consulting.de> writes:
> If there's a .00001 % chance it *corrupts* the cluster, the function is
> not acceptable.
See my response to Dave Page just now. Not only wouldn't I give you
those odds today, but I don't think we could ever get to the point of
saying that session kill is that reliable, at least not from our
ordinary methods of field testing. It'd require significant focused
code review and testing to acquire such confidence, and continuing
effort to make sure we didn't break it again in the future.
If we had infinite manpower I'd be happy to delegate a developer or
three to stay on top of this particular issue. But we don't :-(
regards, tom lane