On 2020-Jul-07, movead...@highgo.ca wrote: > >ISTM that a reasonable compromise is that if you use -x (or -c, -m, -O) > >and the input value is outside the range supported by existing files, > >then it's a fatal error; unless you use --force, which turns it into > >just a warning. > > I do not think '--force' is a good choice, so I add a '--test, -t' option to > force to write a unsafe value to pg_control. > Do you think it is an acceptable method?
The rationale for this interface is unclear to me. Please explain what happens in each case? In my proposal, we'd have: * Bad value, no --force: - program raises error, no work done. * Bad value with --force: - program raises warning but changes anyway. * Good value, no --force: - program changes value without saying anything * Good value with --force: - same The rationale for this interface is convenient knowledgeable access: the DBA runs the program with value X, and if the value is good, then they're done. If the program raises an error, DBA has a choice: either run with --force because they know what they're doing, or don't do anything because they know that they would make a mess. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
