Hi hackers,
> >> After using a patch for a while it became obvious that PANICing during termination is not a good idea. Even when
> >> we wait for synchronous replication. It generates undesired coredumps.
> >> I think in presence of SIGTERM it's reasonable to say that we cannot protect user anymore.
> >> PFA v3.
This patch, although solving a concrete and important problem, looks
more like a quick workaround than an appropriate solution. Or is it
just me?
Ideally, the transaction should be committed only after getting a
reply from the standby. If the user cancels the transaction, it
doesn't get committed anywhere. This is what people into distributed
systems would expect unless stated otherwise, at least. Although I
realize how complicated it is to implement, especially considering all
the possible corner cases (netsplit right after getting a reply, etc).
Maybe we could come up with a less than ideal, but still sound and
easy-to-understand model, which, as soon as you learned it, doesn't
bring unexpected surprises to the user.
I believe at this point it's important to agree if the community is
ready to accept a patch as is to make existing users suffer less and
iterate afterward. Or we choose not to do it and to come up with
another idea. Personally, I don't have any better ideas, thus maybe
accepting Andrey's patch would be the lesser of two evils.
--
Best regards,
Aleksander Alekseev