On Fri, Jun 3, 2016 at 2:12 PM, Andres Freund <andres@anarazel.de> wrote:
> On 2016-06-03 14:00:00 -0400, Robert Haas wrote:
>> On Fri, May 27, 2016 at 8:44 PM, Andres Freund <andres@anarazel.de> wrote:
>> > I'm not convinced of that. Hiding unexpected issues for longer, just to
>> > continue kind-of-operating, can make the impact of problems a lot worse,
>> > and it makes it very hard to actually learn about the issues.
>>
>> So if we made this a WARNING rather than an ERROR, it wouldn't hiding
>> the issue, but it would be less likely to break things that worked
>> before. No?
>
> Except that we're then accepting the (proven!) potential for data
> loss. We're talking about a single report of an restore_command setting
> odd permissions. Which can easily be fixed.
Well, I think that having restore_command start failing after a minor
release update can cause data loss, too. Or even an outage.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
