Andres Freund <andres@anarazel.de> writes:
> On 2022-08-04 18:05:25 -0400, Tom Lane wrote:
>> In any case, DROP DATABASE is far from the only place with a problem.
> What other place has a database corrupting potential of this magnitude just
> because interrupts are accepted? We throw valid s_b contents away and then
> accept interrupts before committing - with predictable results. We also accept
> interrupts as part of deleting the db data dir (due to catalog access).
Those things would be better handled by moving the data-discarding
steps to post-commit. Maybe that argues for having an internal
commit halfway through DROP DATABASE: remove pg_database row,
commit, start new transaction, clean up.
regards, tom lane
