On Sun, Dec 25, 2011 at 11:00:26AM +0100, Branko Čibej wrote:
> On 25.12.2011 10:20, schame...@spinor.com wrote:
> > On 2011-12-25 06:37, Branko Čibej wrote:
> >> There are always going to be cases where you have to
> >> decide between aborting, or risking data corruption (or worse). Which
> >> would you pick?
> >
> > Definitely data corruption, because (except for bugs) every data
> > corruption is continuable and somehow recoverable,
> > e.g. in the worst case by the user re-checking out the wc.
>
> That's an interesting point of view. You are of course assuming that
> such data corruption is easily detectable. And that it doesn't waste
> days of work.

And that it isn't exploitable...

I don't think this conversation can get anywhere because the terms are too abstract. We should be discussing specific examples. Stefan already provided some and I agree that we've been using assertions too generously in some cases. In other cases they're warranted. We'll have to review our SVN_ERR_ASSERT calls and take appropriate action on a case-by-case basis.