Bill Sommerfeld wrote:
On 04/01/10 10:28, Neil Perrin wrote:
We've flip-flopped on whether it should be inherited. It's currently
coded as inherited, and I know Robert believes it should stay that way.
Anyway, it was generally felt by the zfs group that sync=disabled
was sufficiently dangerous to require explicit setting on each dataset.
I would be ok with it being inherited.
IMHO, sync=disabled is less dangerous than checksum=off, which is
inherited.
Both can result in silent data corruption. In the case of
sync=disabled, only recently written data can be lost, and the loss
occurs in conjuction with a pretty obvious event (a crash and reboot).
In the case of checksum=off, any data written while the setting is in
effect can be lost.
Inheriting sync=always is actually useful and non-dangerous; on balance,
IMHO it's less confusing and more useful for sync to be inherited.
- Bill
+1. I'm generally skeptical of the argument that administration should
become more cumbersome if the action you're trying to take is dangerous.
For one thing, it's hard to implement this principle consistently. As
Bill points out, you usually don't have to look too hard to find
something else that is just as dangerous but not equally cumbersome.
Scott
--
Scott Rotondo
Senior Principal Engineer, Solaris Engineering
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)
_______________________________________________
opensolaris-arc mailing list
[email protected]
