Re: better page-level checksums
Peter Geoghegan <pg@bowt.ie>
From: Peter Geoghegan <pg@bowt.ie>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <bruce@momjian.us>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-06-15T02:29:44Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
On Tue, Jun 14, 2022 at 7:17 PM Robert Haas <robertmhaas@gmail.com> wrote: > But it seems > absolutely clear that our goal ought to be to leak as little > information as possible. But at what cost? Basically I think that this is giving up rather a lot. For example, isn't it possible that we'd have corruption that could be a bug in either the checksum code, or in recovery? I'd feel a lot better about it if there was some sense of both the costs and the benefits. > > Let's assume for now that we don't leave pd_flags unencrypted, as you > > have suggested. We're still discussing new approaches to checksumming > > in the scope of this work, which of course includes many individual > > cases that don't involve any encryption. Plus even with encryption > > there are things like defensive assertions that can be added by using > > a flag bit for this. > > True. I don't think we should be too profligate with those bits just > in case somebody needs a bunch of them for something important in the > future, but it's probably fine to use up one or two. Sure, but how many could possibly be needed for this? I can't see it being more than 2 or 3. Which seems absolutely fine. They *definitely* have no value if nobody ever uses them for anything. -- Peter Geoghegan