On Fri, Aug 1, 2014 at 12:35 AM, Amit Kapila <amit.kapila16@gmail.com> wrote:
>> c) the map is not crash safe by design, because it needs only for
>> incremental backup to track what blocks needs to be backuped, not for
>> consistency or recovery of the whole cluster, so it's not an heavy cost for
>> the whole cluster to maintain it. we could think an option (but it's heavy)
>> to write it at every flush on file to have crash-safe map, but I not think
>> it's so usefull . I think it's acceptable, and probably it's better to force
>> that, to say: "if your db will crash, you need a fullbackup ",
>
> I am not sure if your this assumption is right/acceptable, how can
> we say that in such a case users will be okay to have a fullbackup?
> In general, taking fullbackup is very heavy operation and we should
> try to avoid such a situation.
Besides, the one taking the backup (ie: script) may not be aware of
the need to take a full one.
It's a bad design to allow broken backups at all, IMNSHO.
