On Fri, Dec 7, 2018 at 3:34 PM Alvaro Herrera <alvhe...@2ndquadrant.com> wrote: > Yeah, I agree that this downside is real. I think our only protection > against that is to say "don't do that". Like any other tool, it has > upsides and downsides; we shouldn't keep it away from users only because > they might misuse it.
I have a hard time arguing against that given that EDB has this thing in our bag of tricks, but if it weren't for that I'd be fighting against this tooth and nail. Behavior-changing GUCs suuuuck. More generally, whether or not we should "keep something away from our users" really depends on how likely the upsides are to occur relative to the downsides. We don't try to keep users from running DELETE because they might delete data they want; that would be nanny-ism. But we do try to keep them from reading dirty data from an uncommitted transaction because we can't implement that without a risk of server crashes, and that's too big a downside to justify the upside. If we could do it safely, we might. >From that point of view, this is doubtless not the worst feature PostgreSQL will ever have, but it sure ain't the best. > I would be interested to know if the EDB implementation does something > in a better way than this one; then we can improve ours. I haven't studied yours (and don't have time for that right now) so can't comment, at least not now. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
