-
Notifications
You must be signed in to change notification settings - Fork 658
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update remove_ledger.py to protect against removing a ledger that has been used #1659
Comments
Hello. |
@Toktar, Exactly, that is the concern, the impact of not being able to read the data. The conversation and answers are best discussed on the HIPE. I think we need to better understand the impact of 1) Freezing a Ledger, 2) Removing the associated plug-in, and 3) Deleting the Ledger. It's not 100% clear what the overall impact is, especially to the audit history of the ledger (and/or associated ledgers), and how this will present itself under various conditions. One such scenario; "Without the plugin (once the ledger has been frozen and the plugin removed) how can the ledger history be validated when there have been transactions processed by it?" Lets continue the conversation over on the PR for the HIPE; hyperledger/indy-hipe#162 |
@m00sey pointed out that there are various developer use cases where people will likely want to delete ledgers with data in them. Specifically, the goal of the task is to delete the token history for the Sovrin test ledgers. This is safe because they are not intended to have a permanent history (see my reply in the associated sovrin-sip). But I agree that there should be a warning. I suggest:
This this address your concern @WadeBarnes ? Is this reasonably easy @Toktar ? |
@esplinr This can be not easy due to the opening of the database in multiple threads. But we believe that this can be solved and will take several days. |
I'm not disputing there are legitimate use cases. However it is imperative the ramifications of such actions are clear and fully understood before actions are taken.
I'll have a look.
Yes, that would address the concerns with this script. |
@Toktar Can you elaborate on why checking if the ledger is empty will take several days of development? What do you mean "opening a database in several threads"? It's not worth multiple days of effort. Our work is better focused on resolving the blockers to release. If it can't be done quickly, then a warning should be added to the top of the script and we should move on. |
Update remove_ledger.py to protect against removing a ledger that has been used.
If a ledger has been used (it contains transactions) it's history is critical to the historical integrity if the network, even if the ledger has been frozen. Without the historical data for a given ledger the ability to
audit the history of the ledger to prove that there was no tampering
is not possible. Therefore it is important to protect such ledgers from being deleted.Refer to the Drawbacks section of the
0162-frozen-ledgers
HIPE in hyperledger/indy-hipe#162.The text was updated successfully, but these errors were encountered: