It better than that, there are 7 Elders but circa 20 nodes in a section . So we could lose 2 from 20 in that case.
It is also catastrophic recovery? So can a blip cause 90% loss, but then if those 90% reconnect quickly, it is different to lost forever node.
Yes reboot is a serious one, all nodes might end up moved, but the rule is nodes must never delete data without republishing it first.
So a few different things at play, but recovery from lost consensus should come first I reckon.
Another thing to consider is higher replication fact means less different data on nodes, so nodes fill very fast with extra duplicates. If we take replication to it’s logical end, then all nodes hold all data. So now it’s less than that, but what is safe?
So we can lose 2 Elders and be OK, so we can say we can lose 2 copies of data and also be Safe, so keep 3 copies?
There’s a lot of tweaking gonna happen here for sure.
In terms of how much protection we get, it’s down to many factors, more copies, more nodes, more admin.
So our goal should be what is the replication factor that makes Data as Safe as the network? Again though a massive amount of things to consider. I will defo take time and describe this with all its side effects as soon as I can. It’s really interesting.