On 2024-07-30 Tu 6:51 PM, David Rowley wrote:
On Wed, 31 Jul 2024 at 09:35, Andrew Dunstan<and...@dunslane.net> wrote:
Fast forward to now. The customer has found no observable ill effects of
marking these functions leakproof. The would like to know if there is
any reason why we can't mark them leakproof, so that they don't have to
do this in every database of every cluster they use.
Thoughts?
According to [1], it's just not been done yet due to concerns about
risk to reward ratios. Nobody mentioned any reason why it couldn't
be, but there were some fears that future code changes could yield new
failure paths.
David
[1]https://postgr.es/m/02BDFCCF-BDBB-4658-9717-4D95F9A91561%40thebuild.com
Hmm, somehow I missed that thread in searching, and clearly I'd
forgotten it.
Still, I'm not terribly convinced by arguments along the lines you're
suggesting. "Sufficient unto the day is the evil thereof." Maybe we need
a test to make sure we don't make changes along those lines, although I
have no idea what such a test would look like.
cheers
andrew
--
Andrew Dunstan
EDB:https://www.enterprisedb.com
