> On the diskstore topic, if we know that the disk stores are wrong at > startup, why don't we just fix them? Why do we require user intervention? > > Let's be clear on what "wrong" means here. If you don't have network partition detection turned on, that means that you can end up with multiple copies of the same region that you are updating independently. In other words, your copies are no longer consistent - you've made different edits to these different copies.
The disk stores detect this condition on restart and report an error, to protect you from losing data. The only "fix" we could do is to switch to an eventual consistency model where there is way to merge and resolve conflicts between different versions of a bucket or a region. Supporting an eventual consistency model is something we could do, but that's not the path we've gone down - we've been favoring consistency over availability. If we really wanted to support eventual consistency we would not have network partition detection, we would just allow the modifications to continue even if the members are not connected and then support some way of merging the data when they are reconnected. -Dan
