> > It seems that one way out is just to fall back to "read only" as soon
> > as a single failure happens. That's the least graceful but maybe
> > safest approach to failure, analogous to what fsck does to your root
> > filesystem at boot time. Of course, since there's no "read only"
> > mode at the moment, this is all pretty hand-wavy on my part :-/
>
> Yes, but that affects all users, not just the transaction we were
> working on. I think we have to get beyond the idea that this can be made
> failure-proof, and just outline the behaviors for failure, and it has to
> be configurable by the administrator.

Yes, but holding locks on the affected rows IS appropriate until the
administrator issues something like:

    ALTER SYSTEM ABORT GLOBAL TRANSACTION 123;