* Andres Freund (andres@2ndquadrant.com) wrote:
> I agree that we need to do reasonable checks, like running GUC
> validators, but we simply can't control the overall system state. And
> it's not like these are errors that you couldn't get before. And we
> should (that's something to improve on) report the relevant guc + file
> in many cases.
You could get the errors before, sure, but when you did, you could read
the log output and go modify the *configuration files* (which things in
$PGDATA are *not*) and fix it and get the system back online. If the
files in $PGDATA have to be modified to get the system online then they
are configuration files and should be in /etc.
> Even trying to do this completely will guarantee that this patch will
> never, ever, succeed. There simply is no way to reliably detect problems
> that have complex interactions with the rest of the system.
The patch will never be able to completely remove the need for external
config files, without changes to PG to deal with these conditions
better.
> We can improve the detection rate of problems after some real world
> experience. Don't make this unnecessarily complex.
Actually, putting it out there as "this can be used to modify anything
and means you can trivially make PG unstartable" is actually the wrong
move to make, imv. Consider that, to deal with the issues caused, we'd
have to *remove* things from being modifiable through this function.
That's a whole lot harder to do from a backward-compatibility view than
adding things later as we improve PG to be able to still come up enough
to be useful even with configuration issues.
Thanks,
Stephen