Document or fix potentially dangerous side effect of `-reset database`?

I’m in the process of documenting the behaviour of -reset-database.

I’m concerned that documenting the behaviour of a potentially dangerous side effect may not be the right long-term course of action. I’m still happy to do it in the short term, if it’s deemed appropriate though.

I have a few concerns with -reset-database or its REST equivalent:

• It doesn’t follow the principle of least astonishment
  • It sounds like it only changes the database, but it changes sync folders also
• It creates a .stfolder if one doesn’t exist in a sync folder
  • This could be very bad where a sync folder is an unmounted external drive, filling up a laptop’s small internal disk
  • If the external disk is mounted later, it will then mask the data written to the internal disk
    • Reversions to old versions may occur

Wouldn’t it be better to:

• Not create .stfolders
• Only scan / update the database for the folders which syncthing has marked as it’s own (ie, .stfolder exists)
• Update the documntation of -reset-database to say:

  Reset the database, forcing a full rescan and resync of all currently available sync folders.

-reset-database is indeed incredibly dangerous.

Without the database, the situation is as if you had just installed Syncthing and hand written a config file. It would be surprising if it refused to sync the folders you point to and require creation of magic hidden files.