On 08/02/2013 07:54 AM, Stephen Frost wrote: > Curiously, I've not heard any argument about what parameters are "safe" > and what aren't, though I was asked which ones I thought were safe and > which weren't. Perhaps looking at the specific options that would > likely cause PG to not start would be useful to this discussion.
I really think this is the wrong approach. If we start removing "unsafe" parameters from ALTER SYSTEM SET, we basically hobble the feature to the point of uselessness. Out of the 15 or so parameters 80% of our users touch, half of them are on your "unsafe" list. A much simpler solution to the issue Stephen proposes is to have a way to start up the server with all settings from ALTER SYSTEM SET disabled, just like some software allows you to start it up in "safe mode". Of course, automatically disabling the *individual* parameters would be even better from a usability perspective. This would be equally useful for a manually-written postgresql.conf, i.e.: "PostgreSQL is unable to start because we couldn't allocate all of the memory you asked for. Starting up with shared_buffers set to 32MB.". ... However, I'm not confident that we'll always be able to do that. We'd also need to have a way to "kick and scream" so that sysadmins would actually SEE it when the system disables a parameter. -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
