Maarten Aertsen <sagi-notmuch@rtsn.nl> writes: > In the case of any failure, we now return EX_TEMPFAIL (a sendmail > convention, defined in sysexits.h) to signal to the LDA that it should > retry later. This prevents a direct reject or bounce of e-mail. We talked a bit on IRC about the portability of sysexits.h. Afaik, it's available in GNU systems, on *BSD systems, and on OS/X. We can also borrow the gnulib copy if we need a compatability version. > +notmuch_bool_t notmuch_has_unmatched_db_uuid (notmuch_database_t *notmuch); > void notmuch_exit_if_unmatched_db_uuid (notmuch_database_t *notmuch); It's a bit unfortunate to end up with two such functions, but I guess we could migrate everything to has_unmatched_db_uuid. The double negative is a bit confusing too, it seems like it would be more natural to have a _has_matching_db_uuid > + status = notmuch_database_open (notmuch_config_get_database_path (config), > + NOTMUCH_DATABASE_MODE_READ_WRITE, ¬much); > + if (! status) { > + /* with keep, send EX_TEMPFAIL per sysexits.h to invite the caller to > + * retry at some later point and avoid permanent failure */ > + if (notmuch_has_unmatched_db_uuid(notmuch)) > + exit (keep ? EX_TEMPFAIL : EXIT_FAILURE); We're a bit fussy about spaces; see devel/STYLE I'd invite brainstorming about whether mismatched UUID is really a temporary failure. Unlike a lock, I don't see it going away without user/admin intervention. Actually, someone even specifying a UUID when calling notmuch insert would be a bit surprising. I suspect some of the tests in T070-insert.sh could/should be updated for changed exit values. d