On Thu, 2007-01-04 at 11:09 -0500, Tom Lane wrote:
> "Simon Riggs" <simon@2ndquadrant.com> writes:
> > On Thu, 2007-01-04 at 10:00 -0500, Tom Lane wrote:
> >> "Simon Riggs" <simon@2ndquadrant.com> writes:
> >>> Recovery can occur with/without same setting of wal_checksum, to avoid
> >>> complications from crashes immediately after turning GUC on.
> >>
> >> Surely not. Otherwise even the "on" setting is not really a defense.
>
> > Only when the CRC is exactly zero, which happens very very rarely.
>
> "It works most of the time" doesn't exactly satisfy me. What's the
> use-case for changing the variable on the fly anyway? Seems a better
> solution is just to lock down the setting at postmaster start.
That would prevent us from using the secondary checkpoint location, in
the case of a crash effecting the primary checkpoint when it is a
shutdown checkpoint where we changed the setting of wal_checksum. It
seemed safer to allow a very rare error through to the next level of
error checking rather than to close the door so tight that recovery
would not be possible in a very rare case.
If your're good with server start, so am I.
--
Simon Riggs
EnterpriseDB http://www.enterprisedb.com