[
https://issues.apache.org/jira/browse/OAK-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15121729#comment-15121729
]
Stefan Egli commented on OAK-3883:
----------------------------------
As mentioned on the list, we'd have to do both of:
* making sure lease ends are always based on valid clocks. Hence we have to
check clocks upon/before each lease update. Which also implies we have to
(re-)define what self-deconstruct means
* and compare the clock against this lease end upon each creation of a revision
(even though the likelihood of the clocks being outside of the leaseEnd should
be minimal thanks to the {{LeaseCheckDocumentStoreWrapper}} - but of course a
thread could pass that hurdle just before a clock-jump, so that's not enough
guarantee)
> Avoid commit from too far in the future (due to clock skews) to go through
> --------------------------------------------------------------------------
>
> Key: OAK-3883
> URL: https://issues.apache.org/jira/browse/OAK-3883
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core, documentmk
> Reporter: Vikas Saurabh
> Assignee: Vikas Saurabh
> Priority: Minor
> Labels: resilience
> Fix For: 1.6
>
>
> Following up [discussion|http://markmail.org/message/m5jk5nbby77nlqs5] \[0]
> to avoid bad commits due to mis-behaving clocks. Points from the discussion:
> * We can start self-destrucut mode while updating lease
> * Revision creation should check that newly created revision isn't beyond
> leaseEnd time
> * Implementation done for OAK-2682 might be useful
> [0]: http://markmail.org/message/m5jk5nbby77nlqs5
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
