On 08/04/2014 07:54 AM, Robert Haas wrote: > 1. Most seriously, once the postmaster is gone, there's nobody to > SIGQUIT remaining backends if somebody exits uncleanly. This means > that a backend running without a postmaster could be running in a > corrupt shared memory segment, which could lead to all sorts of > misbehavior, including possible data corruption.
I've seen this in the field. > 2. Operationally, orphaned backends prevent the system from being > restarted. There's no easy, automatic way to kill them, so scripts > that automatically restart the database server if it exits don't work. I've also seen this in the field. > Now, I don't say that any of this is a reason not to have a strong > shared memory interlock, but I'm quite unconvinced that the current > behavior should even be optional, let alone the default. I always assumed that the current behavior existed because we *couldn't* fix it, not because anybody wanted it. -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
