Clearly there is the possibility of creating a corrupt repository when
receiving objects and updating refs, if a crash or power failure causes
data not to get written to disk but that data is pointed to. Journaling
mitigates this, but I'd argue that programs should function safely with
only the guarantees from POSIX.
I am curious if anyone has actual experiences to share, either
a report of corruption after a crash (where corruption means that
either 1) git fsck reports worse than dangling objects or 2) some ref
did not either point to the old place or the new place)
experiments intended to provoke corruption, like dropping power during
pushes, or forced panics in the kernel due to timers, etc.
Alternatively, is there somewhere a first-principles analysis vs POSIX
specs (such as fsyncing object files before updating refs to point to
them, which I realize has performance negatives)?
(I have not done experiments, but have observed no corruption.)
Thanks,
Greg
Attachment:
pgpOMkEgTDwv3.pgp
Description: PGP signature