<p dir="ltr">On 5 May 2016 12:32 am, "Tom Lane" <<a href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>>
wrote:<br/> ><br /> > To repeat, I'm pretty hesitant to change this logic. While this is not<br /> > the
firstreport we've ever heard of loss of pg_control, I believe I could<br /> > count those reports without running
outof fingers on one hand --- and<br /> > that's counting since the last century. It will take quite a lot of<br />
>evidence to convince me that some other implementation will be more<br /> > reliable. If you just come and
presenta patch to use direct write, or<br /> > rename, or anything else for that matter, I'm going to reject it out
of<br/> > hand unless you provide very strong evidence that it's going to be more<br /> > reliable than the
currentcode across all the systems we support.<p dir="ltr">One thing we could do without much worry of being less
reliablewould be to keep two copies of pg_control. Write one, fsync, then write to the other and fsync that one.<p
dir="ltr">Oraclekeeps a copy of the old control file so that you can always go back to an older version if a hardware
orsoftware bug currupts it. But they keep a lot more data in their control file and they can be quite large.