[OpenAFS-devel] Re: New volume header field: root DV

Andrew Deason adeason@sinenomine.net
Tue, 2 Mar 2010 14:47:22 -0600


On Tue, 2 Mar 2010 15:15:49 -0500
Derrick Brashear <shadow@gmail.com> wrote:

> I still advocate the "no, the volume is trashed, we give you a high dv
> and make the volume readonly" approach. If you lost the root vnode,
> you're not really in good shape. But I'm unwilling to suggest it's the
> "one true way".

For clarification/context: the approach described is to encourage the
user to only use the volume to copy data to a new volume, since the old
one is fragile/trashed. (At least, that's my take; correct me if I'm
wrong.)

I'm leaning towards agreeing with that, but I'm unsure if our "don't use
this volume" sign is sufficiently big and flashy. We can log, and we can
prevent writes (to clarify: you just mean via the root ACL, right?), but
I'm pretty sure even then someone's going to use it anyway.

We can only prevent self-foot-shooting so much... but would it be going
too far to drop a file in the new root dir that actually says to not
use the volume? Since everything in the dir will be orphans, we
shouldn't need to worry about colliding with another filename.

-- 
Andrew Deason
adeason@sinenomine.net