On Sun, Apr 12, 2020 at 10:23:24AM -0400, Tom Lane wrote: > Magnus Hagander <magnus@xxxxxxxxxxxx> writes: >> And FWIW, I do think we should change the default. And maybe spend some >> extra effort on the message coming out of pg_upgrade in this case to make >> it clear to people what their options are and exactly what to do. > > Is there any hard evidence of checksums catching problems at all? > Let alone in sufficient number to make them be on-by-default? I don't know if that's a sufficient number, but I have dealt with corruption cases on virtual environments where these have been really essential to find out proof that the origin of the problem was not Postgres because those bugs created wild and incorrect block overwrites. With the software stack getting more complicated, making them the default would make sense IMO. Now the case of upgrades is more tricky than it is, no? There is a copy of the file so we may be able to do a block-to-block copy and update of the checksum, but you cannot do that with the --link mode. -- Michael
Attachment:
signature.asc
Description: PGP signature
