The mistake has only come up two or three times that I can remember, which doesn't elevate it to the category of stuff that I want to install a lot of mechanism to prevent. Especially not mechanism that would get in the way of reasonable uses. I think it's sufficient to have a recovery procedure.
Hmmm - I agree it's difficult, but somehow I think it's something we should do. Just imagine if some major user of postgres did it - they'd be screaming blue murder...
We could always implement it without locks, thereby taking care of 99.99999% of the times it might happen, with still the availability of a cure even if they manage to get through that...
Chris
---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
