On Wed, Feb 27, 2008 at 9:36 PM, Uwe Dippel <[EMAIL PROTECTED]> wrote: > I was hoping to be clear with my examples. > Within that 1 minute the user has easily received the mail alert that 5 > mails have arrived, has seen the sender and deleted them. Without any trigger > of some snapshot, or storage of that state while the messages were actually > on the drive. No recovery possible. One minute is much too long. Taking the > average reaction time of users, we cannot expect, on the other hand, that the > user is able to perform more than two operations within less than a second > (receiving the notice, recognising the sender, clicking 'Delete').
Uwe, In this case, it is easier for the email appliction to _not_ delete the email but just move it to a time-delayed trash. This is not dissimilar to what gmail did which gives you 30 days to "regret" your deleting decision. You will find that a lot of such "protection" is best implemented at the application level, e.g. Oracle transaction logs, because the data loses their meaning further down the stack. At the FS layer, it is best to think about how you can support the application to do what it wants instead of doing it for the application. -- Just me, Wire ... Blog: <prstat.blogspot.com> _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
