On February 11, 2022 6:15 PM, Junio C Hamano wrote: > Neeraj Singh <nksingh85@xxxxxxxxx> writes: > > > In practice, almost all users have core.fsyncObjectFiles set to the > > platform default, which is 'false' everywhere besides Windows. So at > > minimum, we have to take default to mean that we maintain behavior no > > weaker than the current version of Git, otherwise users will start > > losing their data. > > Would they? If they think platform default is performant and safe > enough for their use, as long as our adjustment is out outrageously more > dangerous or less performant, I do not think "no weaker than" > is a strict requirement. If we were overly conservative in some areas than the > "platform default", making it less conservative in those areas to match the > looseness of other areas should be OK and vice versa. > > > One path to get to your suggestion from the current patch series would > > be to remove the component-specific options and only provide aggregate > > options. Alternatively, we could just not document the > > component-specific options and leave them available to be people who > > read source code. So if I rename the aggregate options in terms of > > 'levels of durability', and only document those, would that be > > acceptable? > > In any case, if others who reviewed the series in the past are happy with the > "two knobs" approach and are willing to jump in to help new users who will be > confused with one knob too many, I actually am OK with the series that I called > "overly complex". Let me let them weigh in before I can answer that question. On behalf of those who are likely to set fsync to true in all cases, because a SIGSEGV or some other early abort will cause changes to be lost, I am not happy with excessive knobs, as we will have to ensure that the are all set to "write this out to disk as quickly as soon as possible or else". I end up having to teach large numbers of people about these settings and think that excessive controls in this area are overwhelmingly bad. This is not a "windows vs. everything else" situation. Not all platforms write buffered by default. fwrite and write behave different on NonStop (and other POSIXy things, and some variants are fully virtualized, so who knows what the hypervisor will do - it's bad enough that there is even an option to tell the hypervisor to keep things in memory until convenient to write even on RAID 0/1 emulation). Teaching people how to use the knobs correctly is going to be a challenge. For me, I'm always willing to sacrifice performance for reliability - 100% of the time. I'm sure this whole series is going to be problematic. I'm sorry but that's my position on it. The default position of all knobs must be to force the write and keeping it simple so that variations on knob settings give different results is not going to end well. Sincerely, Randall
