Context: https://issues.apache.org/jira/browse/CASSANDRA-17679
>From the .yaml comment on the param I was working on adding: In certain environments, operators may want to disable resumable bootstrap in order to avoid potential correctness violations or data loss scenarios. Largely this centers around nodes going down during bootstrap, tombstones being written, and potential races with repair. By default we leave this on as it's been enabled for quite some time, however the option to disable it is more palatable now that we have zero copy streaming as that greatly accelerates Given zero copy streaming in the system and the general unexplored correctness concerns of https://issues.apache.org/jira/browse/CASSANDRA-8838, specifically pointed out by Jeff here: https://issues.apache.org/jira/browse/CASSANDRA-8838?focusedCommentId=16900234&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16900234, I've been chatting w/Paulo about this and we've both concluded we think the functionality should be made configurable, default off (?), deprecated in 4.2 and then completely removed next. - First: anyone have any concerns with the general arc of "remove resumable bootstrap and decommission"? - Second: Should we leave them enabled by default in 4.2 or disabled? - Third: Should we consider revisiting older branches with this functionality and making it toggle-able? ~Josh
