Comment 166 for bug 317781

Aryeh Gregor (simetrical+launchpad) wrote :

@CowBoyTim

Power failure during fsync() will result in a half-written file, but that's why the correct sequence is

1) Create new temp file
2) Write to new temp file
3) fsync() new temp file
4) rename() over old file

If there's a power failure before or during step 3, the temp file will be partially written or not at all, but you'll still have the old data intact. A power failure during step 4 is no problem due to journaling. Therefore this really does give 100% assurance of durability, unless of course the hardware fails. But "it's not perfect, therefore it's worthless" is flawed logic anyway.
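The four-step sequence from the comment above, written out in C as an added example; it is not code from the commenter or from the bug report. The function names `write_all` and `atomic_replace` and the `.XXXXXX` temp-file suffix are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and fsync() declarations */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write all bytes, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Replace `path` with `data` using the four steps from the comment.
 * Returns 0 on success; on failure returns -1 and the old file is untouched.
 * Note: mkstemp() creates the file with mode 0600, so the old mode is not kept. */
int atomic_replace(const char *path, const char *data, size_t len) {
    char tmp[4096];
    /* Temp file sits next to the target: rename() is atomic only within one filesystem. */
    int w = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (w < 0 || w >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);                          /* 1) create new temp file */
    if (fd < 0) return -1;

    if (write_all(fd, data, len) != 0               /* 2) write to new temp file */
        || fsync(fd) != 0) {                        /* 3) fsync() new temp file */
        close(fd);
        unlink(tmp);                                /* discard the partial temp file */
        return -1;
    }
    if (close(fd) != 0 || rename(tmp, path) != 0) { /* 4) rename() over old file */
        unlink(tmp);
        return -1;
    }
    return 0;
}
```

Every error path removes the temp file and returns before `rename()`, so a failed write or `fsync()` never touches the existing file.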