Kurt, we seem to be talking past each other. While I am concerned about implementation bugs - which I am certain still exist - I have not at any point raised this issue.
My concerns have consistently been more fundamental - the basic properties of a theoretically bug-free MV are simultaneously problematic and unknown. How can we say we have a working feature, when we our definition of ‘working’ is unknown? We have unsafe defaults. Nobody in the wild is even using MVs in the way they were designed, because they were too slow. In no other endeavour have we gone “well, it’s too slow, so let’s just accept data loss by default” The only analysis that I know of to be done on the properties of MVs is my own, and I declared it insufficient after finding multiple surprising limitations in the design that most operators would not expect. We have not even conveyed these known limitations to them. It was agreed that further analysis would be done. It has not been done, and might have uncovered some of the surprising MV timestamp behaviours. We should without question be restoring safe default behaviour. This would likely discourage everyone from using MVs, though, because of the performance. So nobody wants to do it. This is just unacceptable to me, and I’ve yet to hear anybody engage with this. We should without question know the properties of the feature so we can document them. This is hard, so nobody wants to do it. Similarly, I’ve yet to hear a compelling response. > On 5 Oct 2017, at 04:40, Aleksey Yeshchenko <alek...@apple.com> wrote: > > Auth/roles has a non-negligible impact on performance, and isn’t otherwise > required by most users. And for some operators getting involved at CQL layer > isn’t really viable. If you have hundreds/thousands of clusters and only > control the yaml and configs. > > Adding another flag is something we can do today, and in a minor. The > capability framework work seems to be abandoned at the moment, and in the > best case scenario will only happen in 4.0, if at all. > > — > AY > > On 5 October 2017 at 01:19:25, kurt greaves (k...@instaclustr.com) wrote: > > Operators do need a > way to disable features, but it makes a lot more sense to have that as part > of the auth/roles system rather than yaml properties.