> The mistake has only come up two or three times that I can remember,
> which doesn't elevate it to the category of stuff that I want to install
> a lot of mechanism to prevent. Especially not mechanism that would get
> in the way of reasonable uses. I think it's sufficient to have a
> recovery procedure.
Hmmm - I agree it's difficult, but somehow I think it's something we
should do. Just imagine if some major user of postgres did it - they'd
be screaming blue murder...
We could always implement it without locks, thereby taking care of
99.99999% of the times it might happen, with still the availability of a
cure even if they manage to get through that...
Chris